
Log Analysis and Evaluation: All files hidden - infection with "trojan.fasagent" and "PUM.Hijack.StartMenu"


11.06.2012, 17:55   #1
shomg
 



Hello!

I came across this forum because I caught a trojan yesterday. I have already combed through many forums and hope that I can get help from you.

The problem: Yesterday the file "realtek_AC97" opened and wanted my approval as admin. Of course I did not approve. But the window opened again right after I closed it, and suddenly the chaos started: error messages, hardware error messages - unfortunately I don't remember everything by heart. Without my doing anything the PC restarted (I switched wireless off right away), and right after logging in "data_recovery" opened, which I stopped immediately, fearing it was a virus. Despite the Windows logo it seemed too unsafe to me. My desktop turned black, completely empty except for the Recycle Bin, Internet and Computer icons - when I click "Start" everything is completely empty, and so is the C drive. Within seconds masses of windows opened with one and the same error message; I clicked "cancel" on all of them. This then repeated about 3 times; in between I was able to run Malwarebytes for a few minutes, find the trojan and move it to quarantine - then the PC was already off again. After that I switched to safe mode.

As already mentioned, I have already run Malwarebytes (full scan), which found 3x "trojan.fasagent" and 2x "PUM.Hijack.StartMenu". Unfortunately I did not save the scan log and have already removed the 5 infected files from the quarantine list. I just hope that this was not a mistake and that someone can still help me...

Next, as recommended here in the forum, I used the ESET Online Scanner, which showed 3 further problems. Since it was recommended not to tick "refund found threats", I did not do so. I then captured the result as an image, since I wasn't sure whether anything can be done with this log file!? (Or did I do something wrong?) I am attaching both.

As an absolute computer layman I am very glad that I now know the files are not lost but only hidden, and I have also already made folders visible again as a test. However, I of course have to make sure that all malware is removed from my laptop; only then can I breathe easy again!

A thousand thanks in advance to whoever takes the trouble to help me!!!


I also downloaded OTL and ran the scan:

OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2012 17:43:14 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,79% Memory free
6,19 Gb Paging File | 4,02 Gb Available in Paging File | 64,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 40,65 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02337E85-E1D4-43CF-9E5C-89FAB4690CD7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{027D9138-5BF2-4F01-8854-DB6BCD871E62}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14B5972A-E04C-4829-A5F5-385930230E09}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{15A5C43C-44FA-4937-83BD-3CBF03EAFCF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3586879C-194C-4815-ADF7-8072EBB9A5B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B7E82FC-B317-4C93-8D86-6B5C42DC5EFE}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{DA922811-D85C-4357-A20E-6DEDBD8FD52D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"TCP Query User{54B864DE-BDD9-4DFE-B1B9-F3891E1C920E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6C3590BF-BD98-4733-95EB-154EE19E4CE3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{708334D8-2489-4840-8032-563D3B800E26}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=6 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe | 
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6A5E8D14-08E1-4CE2-A476-69E7849F1CD4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A5D27D68-CB22-4F22-9562-6239DC077216}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{D4724282-2CE8-41BE-AB52-C216FEC04638}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=17 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe | 
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" = 
"DVDx_is1" = DVDx
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" = 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" = 
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 20:34:01 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 20:51:24 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:12:38 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:12:40 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:13:10 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:13:13 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 21.04.2011 05:53:05 | Computer Name = mc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MemeoBackup.exe, Version 2.0.0.0, Zeitstempel
 0x46b24a7d, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,  Prozess-ID 0x15c8, Anwendungsstartzeit
 01cbffb30aaab34e.
 
Error - 23.04.2011 10:36:12 | Computer Name = mc-PC | Source = Application Hang | ID = 1002
Description = Programm realplay.exe, Version 11.0.0.674 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1790  Anfangszeit: 01cc01c38ab76110  Zeitpunkt der
 Beendigung: 50
 
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
 
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
 
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
 
< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL logfile created on: 11.06.2012 17:43:14 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,79% Memory free
6,19 Gb Paging File | 4,02 Gb Available in Paging File | 64,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 40,65 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Pamela\Pamela.exe (Pamela-Systems)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mspaint.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\ieconfig_1und1.dll ()
MOD - C:\Programme\Bamboo Dock\BambooCore.exe ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Programme\Pamela\crashrpt.dll ()
MOD - C:\Programme\Pamela\zlib.dll ()
MOD - C:\Programme\Pamela\lng.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WDBtnMgrSvc.exe) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AutoSyncService) -- C:\Programme\Memeo\AutoSync\MemeoService.exe (Memeo)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wacomvhid) -- system32\DRIVERS\wacomvhid.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = 
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 13:14:41 | 000,000,000 | ---D | M]
 
[2008.12.17 10:17:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions
[2012.06.05 13:09:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions
[2011.12.24 15:41:06 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.24 15:41:17 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.04 17:09:52 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.24 15:39:37 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.24 15:41:14 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de
[2012.06.05 13:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml
[2011.12.20 20:35:01 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml
[2011.12.20 20:35:51 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml
[2011.12.24 15:41:28 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml
[2012.06.05 12:59:24 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml
[2012.06.05 13:16:36 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml
[2011.12.18 14:29:14 | 000,000,168 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif
[2011.12.18 14:29:14 | 000,000,618 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src
[2010.12.28 01:00:08 | 000,000,944 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml
[2012.06.05 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.18 19:16:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 15169 more lines...
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 21:46:23 | 000,000,000 | -H-D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen
[2012.06.05 13:15:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla
[2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 18:02:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 18:02:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 17:58:38 | 000,061,620 | ---- | M] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg
[2012.06.11 17:17:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 17:17:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 16:54:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job
[2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.11 11:17:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 00:02:22 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.11 00:02:22 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.11 00:02:22 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.11 00:02:22 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.10 23:55:03 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 23:19:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.10 21:55:44 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTb
[2012.06.10 21:55:31 | 000,000,256 | -H-- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb
[2012.06.10 21:46:30 | 000,000,128 | -H-- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTbr
[2012.06.10 21:46:24 | 000,000,607 | -H-- | M] () -- C:\Users\mc\Desktop\Data_Recovery.lnk
[2012.06.10 21:45:44 | 000,250,880 | -H-- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb.exe
[2012.06.10 19:54:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job
[2012.06.10 12:42:22 | 000,046,048 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_968_640_13[1].jpg
[2012.06.10 12:42:19 | 000,038,196 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg
[2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.08 13:21:41 | 000,109,530 | ---- | M] () -- C:\Users\mc\Desktop\MissyFront.pdf
[2012.06.08 13:21:30 | 000,109,342 | ---- | M] () -- C:\Users\mc\Desktop\MissyBack.pdf
[2012.06.08 10:41:36 | 000,514,390 | ---- | M] () -- C:\Users\mc\Desktop\DSC00803.jpg
[2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.04 13:02:33 | 000,008,188 | -H-- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat
[2012.06.02 11:41:06 | 000,051,200 | -H-- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.16 22:40:51 | 002,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 17:58:37 | 000,061,620 | ---- | C] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg
[2012.06.10 23:55:03 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.10 21:46:30 | 000,000,128 | -H-- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTbr
[2012.06.10 21:46:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTb
[2012.06.10 21:46:24 | 000,000,607 | -H-- | C] () -- C:\Users\mc\Desktop\Data_Recovery.lnk
[2012.06.10 21:46:11 | 000,000,256 | -H-- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb
[2012.06.10 21:45:44 | 000,250,880 | -H-- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb.exe
[2012.06.10 12:42:18 | 000,046,048 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_968_640_13[1].jpg
[2012.06.10 12:42:18 | 000,038,196 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg
[2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.08 17:50:28 | 000,514,390 | ---- | C] () -- C:\Users\mc\Desktop\DSC00803.jpg
[2012.06.08 13:21:39 | 000,109,530 | ---- | C] () -- C:\Users\mc\Desktop\MissyFront.pdf
[2012.06.08 13:21:27 | 000,109,342 | ---- | C] () -- C:\Users\mc\Desktop\MissyBack.pdf
[2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.03.30 02:45:40 | 001,431,120 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1.dll
[2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.11.02 22:42:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >
         

Edited by shomg (11.06.2012 at 18:20)

Alt 12.06.2012, 21:37   #2
shomg
 

Hello!

Since I didn't know that the log files are kept even after the infected files have been deleted from quarantine, I'm adding them now after the fact. As already mentioned, I had to start several runs because the PC crashed in between.

I very much hope that someone can help me. Despite removing the malware, the state of my PC has not improved, and because of my studies I depend on working with graphics programs every day...



Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mc :: MC-PC [Administrator]

Schutz: Aktiviert

10.06.2012 21:58:20
mbam-log-2012-06-10 (21-58-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 56658
Laufzeit: 13 Minute(n), 47 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 1
C:\ProgramData\aduvSVmcxm.exe (Trojan.Fasagent) -> 1636 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|aduvSVmcxm.exe (Trojan.Fasagent) -> Daten: C:\ProgramData\aduvSVmcxm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\aduvSVmcxm.exe (Trojan.Fasagent) -> Löschen bei Neustart.

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mc :: MC-PC [Administrator]

Schutz: Aktiviert

10.06.2012 22:40:08
mbam-log-2012-06-10 (22-40-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244065
Laufzeit: 18 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\mc\AppData\Local\Temp\TOqmiIZIvAKfx9.exe.tmp (Trojan.Fasagent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mc :: MC-PC [Administrator]

Schutz: Aktiviert

11.06.2012 00:05:21
mbam-log-2012-06-11 (00-05-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 491942
Laufzeit: 2 Stunde(n), 49 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________


Alt 14.06.2012, 19:24   #3
shomg
 

Hello,

since it says here that you should post again if no reply has come after 3 days, I'm doing that now... I still hope that one of you can help me! Thanks!
__________________

Alt 14.06.2012, 22:08   #4
kira
/// Helper Team
 

Hello and welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, program serial numbers, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For all those seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees the complete removal of the infection - reading material: "Help: I have been the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
Quote:
If the following symptoms occur:
folders are empty, programs are missing from the Start menu, etc., this tool offers you the solution:
<Attention!>: If files etc. were deliberately hidden by you, i.e. you set them to hidden under Properties, you have to hide them again after the tool has been run.

Quote:
Everything visible again? Please check and report the state to me in detail!
2.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • start -> click `Extras` (Tools, to show the software installed on your system) -> then `Als Textdatei speichern...` (Save to text file...)
  • a text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

4.
► report what state your system is currently in, briefly but precisely...

Quote:
So that your thread stays clear and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards,
kira
__________________

Warning!:
Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Alt 14.06.2012, 23:43   #5
shomg
 

Thank you very much for replying!

I carried out everything according to your instructions.

1. As far as I can tell, everything is visible again! For some programs the icon is not shown in the Quick Launch bar.

2. OTL:
Code:
OTL logfile created on: 14.06.2012 23:36:51 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 40,26% Memory free
6,19 Gb Paging File | 4,28 Gb Available in Paging File | 69,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 41,88 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
PRC - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:04:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 22:04:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.03 22:19:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.11.30 01:06:29 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
PRC - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe
PRC - [2011.09.08 18:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011.09.08 18:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe
PRC - [2011.05.25 11:31:23 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.05.23 09:09:30 | 000,431,616 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.12.04 12:53:24 | 006,997,504 | ---- | M] (Pamela-Systems) -- C:\Programme\Pamela\Pamela.exe
PRC - [2008.08.06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe
PRC - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2008.07.30 16:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe
PRC - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.07.15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008.06.11 19:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.03 20:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.01.30 05:50:26 | 000,438,272 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.16 23:27:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012.05.16 23:27:46 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012.05.16 23:27:42 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012.05.16 23:27:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012.05.16 23:27:33 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012.05.16 23:25:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
MOD - [2012.05.16 23:25:22 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.16 23:24:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.16 22:54:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.16 22:53:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.16 22:52:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.16 22:46:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.16 22:44:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.12.10 05:00:34 | 001,431,120 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1.dll
MOD - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
MOD - [2011.09.08 18:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll
MOD - [2010.12.17 11:33:12 | 000,204,800 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010.12.13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010.07.28 11:39:19 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2008.12.04 12:53:27 | 000,710,656 | ---- | M] () -- C:\Programme\Pamela\crashrpt.dll
MOD - [2008.12.04 12:53:27 | 000,053,760 | ---- | M] () -- C:\Programme\Pamela\zlib.dll
MOD - [2008.12.04 12:53:25 | 000,856,064 | ---- | M] () -- C:\Programme\Pamela\lng.dll
MOD - [2008.08.11 12:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008.08.11 12:51:59 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008.07.30 02:12:31 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.05 13:14:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2009.01.14 01:54:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Programme\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 22:04:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 22:04:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.12 12:34:19 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.11.12 12:34:19 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.30 02:12:26 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.06.28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.28 02:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.06.21 02:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.04.23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007.04.23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.04.04 13:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007.04.04 13:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716obex.sys -- (s716obex)
DRV - [2007.04.04 13:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007.04.04 13:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007.04.04 13:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.04 13:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007.04.04 13:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = 
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 13:14:41 | 000,000,000 | ---D | M]
 
[2008.12.17 10:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions
[2012.06.05 13:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions
[2011.12.24 15:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.24 15:41:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.04 17:09:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.24 15:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.24 15:41:14 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de
[2012.06.05 13:09:12 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml
[2011.12.20 20:35:01 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml
[2011.12.20 20:35:51 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml
[2011.12.24 15:41:28 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml
[2012.06.05 12:59:24 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml
[2012.06.05 13:16:36 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml
[2011.12.18 14:29:14 | 000,000,168 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif
[2011.12.18 14:29:14 | 000,000,618 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src
[2010.12.28 01:00:08 | 000,000,944 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml
[2012.06.05 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.18 19:16:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 15169 more lines...
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 23:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.14 23:14:24 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe
[2012.06.14 22:34:43 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe
[2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen
[2012.06.05 13:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 23:14:25 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe
[2012.06.14 23:02:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job
[2012.06.14 22:34:45 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe
[2012.06.14 22:08:37 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 22:08:37 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 22:08:37 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 22:08:37 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.14 22:01:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 22:01:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:01:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:00:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 22:00:50 | 3216,044,032 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 23:37:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job
[2012.06.11 17:58:38 | 000,061,620 | ---- | M] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg
[2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.10 21:55:44 | 000,000,000 | ---- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTb
[2012.06.10 21:55:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb
[2012.06.10 21:46:30 | 000,000,128 | ---- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTbr
[2012.06.10 12:42:19 | 000,038,196 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg
[2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.08 13:21:41 | 000,109,530 | ---- | M] () -- C:\Users\mc\Desktop\MissyFront.pdf
[2012.06.08 13:21:30 | 000,109,342 | ---- | M] () -- C:\Users\mc\Desktop\MissyBack.pdf
[2012.06.08 10:41:36 | 000,514,390 | ---- | M] () -- C:\Users\mc\Desktop\DSC00803.jpg
[2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.04 13:02:33 | 000,008,188 | ---- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat
[2012.06.02 11:41:06 | 000,051,200 | ---- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.16 22:40:51 | 002,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 17:58:37 | 000,061,620 | ---- | C] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg
[2012.06.10 23:55:03 | 3216,044,032 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.10 21:46:30 | 000,000,128 | ---- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTbr
[2012.06.10 21:46:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTb
[2012.06.10 21:46:11 | 000,000,256 | ---- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb
[2012.06.10 12:42:18 | 000,038,196 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg
[2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.08 17:50:28 | 000,514,390 | ---- | C] () -- C:\Users\mc\Desktop\DSC00803.jpg
[2012.06.08 13:21:39 | 000,109,530 | ---- | C] () -- C:\Users\mc\Desktop\MissyFront.pdf
[2012.06.08 13:21:27 | 000,109,342 | ---- | C] () -- C:\Users\mc\Desktop\MissyBack.pdf
[2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.03.30 02:45:40 | 001,431,120 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1.dll
[2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.11.02 22:42:38 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.10.07 14:00:20 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH
[2008.12.26 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\AD ON Multimedia
[2012.05.01 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Applian FLV and Media Player
[2010.01.28 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Bytemobile
[2009.07.26 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Canon
[2009.02.24 02:28:30 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\com.adobe.ExMan
[2010.10.25 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.06.10 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Dropbox
[2011.02.11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoft
[2010.09.22 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.11 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\HaCon
[2010.07.23 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ICQ
[2011.05.27 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\IrfanView
[2009.02.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Leadertech
[2008.12.28 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Mobile Master
[2011.09.12 21:41:35 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\MyPhoneExplorer
[2009.03.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Pamela
[2009.07.12 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ScanSoft
[2010.11.02 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Sony
[2010.03.07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Teleca
[2010.01.28 18:04:54 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone
[2010.01.28 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone Mobile Connect
[2010.10.01 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Wacom
[2010.10.01 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.10.01 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\WTouch
[2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job
[2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job
[2012.06.12 23:37:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >
         
Code:
OTL Extras logfile created on: 14.06.2012 23:36:51 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 40,26% Memory free
6,19 Gb Paging File | 4,28 Gb Available in Paging File | 69,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 41,88 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02337E85-E1D4-43CF-9E5C-89FAB4690CD7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{027D9138-5BF2-4F01-8854-DB6BCD871E62}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14B5972A-E04C-4829-A5F5-385930230E09}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{15A5C43C-44FA-4937-83BD-3CBF03EAFCF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3586879C-194C-4815-ADF7-8072EBB9A5B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B7E82FC-B317-4C93-8D86-6B5C42DC5EFE}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{DA922811-D85C-4357-A20E-6DEDBD8FD52D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"TCP Query User{54B864DE-BDD9-4DFE-B1B9-F3891E1C920E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6C3590BF-BD98-4733-95EB-154EE19E4CE3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{708334D8-2489-4840-8032-563D3B800E26}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=6 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe | 
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6A5E8D14-08E1-4CE2-A476-69E7849F1CD4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A5D27D68-CB22-4F22-9562-6239DC077216}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{D4724282-2CE8-41BE-AB52-C216FEC04638}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=17 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe | 
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" = 
"DVDx_is1" = DVDx
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" = 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" = 
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 20:26:44 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 20:34:01 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 20:51:24 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:12:38 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:12:40 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:13:10 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 20.04.2011 21:13:13 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 21.04.2011 05:53:05 | Computer Name = mc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MemeoBackup.exe, Version 2.0.0.0, Zeitstempel
 0x46b24a7d, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,  Prozess-ID 0x15c8, Anwendungsstartzeit
 01cbffb30aaab34e.
 
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
 
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
 
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
 
< End of report >
         

3. CCleaner:
Code:
ATTFilter
Acrobat.com	Adobe Systems Incorporated	25.02.2009	1,70MB	1.2.443
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	01.12.2008	14,0MB	
Adobe AIR	Adobe Systems Inc.	09.02.2011		2.5.1.17730
Adobe Creative Suite 4 Design Standard	Adobe Systems Incorporated	25.02.2009		4.0
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	29.11.2011		11.1.102.55
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	29.11.2011	2,95MB	11.1.102.55
Adobe InDesign CS2 Trial	Adobe Systems Incorporated	12.01.2009	190,5MB	004.000.000
Adobe Media Player	Adobe Systems Incorporated	13.01.2009	2,95MB	1.1
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	09.11.2009	6,36MB	11.5.2.602
Alps Pointing-device for VAIO		10.08.2008	2,83MB	
Applian FLV and Media Player 3.1.1.12	Applian Technologies	30.04.2012	56,9MB	3.1.1.12
ArcSoft WebCam Companion 2	ArcSoft	01.12.2008	22,6MB	
ATI Catalyst Install Manager	ATI Technologies, Inc.	25.08.2008	13,7MB	3.0.682.0
AuralogComponentsUninstall9	Auralog	19.11.2011	0,18MB	
Avanquest update	Avanquest Software	27.12.2008	2,33MB	1.18
Avira Free Antivirus	Avira	07.05.2012	74,9MB	12.0.0.1125
Bamboo	Wacom Technology Corp.	28.11.2011	53,6MB	5.2.5-5
Bamboo Dock 3.3	Wacom Co., Ltd.	30.09.2010	14,6MB	3.3
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter	Sony Corporation	25.08.2008	56,8MB	2.5
Browser Address Error Redirector		01.12.2008		
Canon MP Navigator 3.0		11.07.2009	17,7MB	
Canon MP510		11.07.2009		
Canon MP510 Benutzerregistrierung		11.07.2009	0,50MB	
Canon Utilities Easy-PhotoPrint		11.07.2009	30,0MB	
Catalyst Control Center - Branding	ATI	25.08.2008	0,42MB	1.00.0000
CCleaner	Piriform	22.05.2012	4,71MB	3.19
Click to Disc	Sony Corporation	25.08.2008	68,1MB	1.2.00.06190
Click to Disc Editor	Sony Corporation	25.08.2008	185,6MB	1.2.00
Compatibility Pack für 2007 Office System	Microsoft Corporation	12.05.2012		12.0.6612.1000
Disc2Phone		26.12.2008	7,70MB	1.5.185
DivX Converter	DivX, Inc.	01.12.2008	45,1MB	6.5
DivX-Setup	DivX, LLC	11.12.2011	3,57MB	2.6.0.34
Dolby Control Center	Dolby	10.08.2008	47,0MB	1.2.0702
Dropbox	Dropbox, Inc.	11.03.2012	24,2MB	1.2.52
DVDx	labDV®	04.12.2008	10,0MB	2.5.1
ESET Online Scanner v3		10.06.2012	129,4MB	
Facebook Video Calling 1.2.0.159	Skype Limited	20.03.2012	4,77MB	1.2.159
FileZilla (remove only)		04.12.2008	12,5MB	
FLV Player 2.0 (build 25)	Martijn de Visser	08.07.2009	1,95MB	2.0 (build 25)
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	21.09.2010	3,14MB	
Free Audio Dub version 1.7.7	DVDVideoSoft Limited.	06.12.2010	3,07MB	
Free Video to MP3 Converter version 4.2.15	DVDVideoSoft Limited.	10.02.2011	3,29MB	
Free YouTube Download 2.9	DVDVideoSoft Limited.	30.10.2010	3,27MB	
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	21.09.2010	2,36MB	
Google Advertising Cookie Opt-out	Google Inc	29.05.2012	0,28MB	1.0.0.2
Google Chrome	Google Inc.	26.05.2011	166,6MB	19.0.1084.56
Google Desktop	Google	02.08.2010	6,65MB	5.9.1005.12335
Google Toolbar for Internet Explorer	Google Inc.	18.03.2012	10,6MB	7.3.2710.138
HDAUDIO SoftV92 Data Fax Modem with SmartCP		10.08.2008	1,02MB	
ICQ6.5	ICQ	15.07.2009	47,5MB	6.5
Intel(R) PROSet/Wireless WiFi-Software	Intel(R) Corporation	25.08.2008	78,3MB	12.00.0004
IrfanView (remove only)	Irfan Skiljan	26.05.2011	1,77MB	4.28
Java(TM) 6 Update 26	Oracle	17.06.2011	97,1MB	6.0.260
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	15.04.2012	11,5MB	1.61.0.1400
Media Go	Sony	01.11.2010	106,6MB	1.5.312
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	21.10.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	28.07.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	24.03.2012	633MB	12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	03.12.2011	7,95MB	14.0.5130.5003
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	12.05.2012		12.0.6612.1000
Microsoft Silverlight	Microsoft Corporation	19.05.2012		5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	16.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	29.06.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	01.11.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.02.2012	16,5MB	10.0.40219
Microsoft Works	Microsoft Corporation	14.04.2012		9.7.0621
Mozilla Firefox 12.0 (x86 de)	Mozilla	04.06.2012	43,4MB	12.0
Mozilla Maintenance Service	Mozilla	04.06.2012	0,21MB	12.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	02.12.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	29.11.2009	1,34MB	4.20.9876.0
Music Transfer	Sony Corporation	25.08.2008	40,7MB	1.2.00.17290
MyPhoneExplorer	F.J. Wechselberger	18.03.2012	8,91MB	1.8.2
OpenMG Secure Module 5.1.00	Sony Corporation	25.08.2008		5.1.00.05200
Pamela Basic 4.0		03.12.2008	16,1MB	4.0
Picasa 3	Google, Inc.	13.07.2011	96,4MB	3.8
PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	01.11.2010	0,65MB	2.03.00126
PlayStation(R)Store	Sony Computer Entertainment Inc.	01.11.2010	3,64MB	3.2.11.09227
QuickTime	Apple Inc.	10.04.2009	74,4MB	7.60.92.0
RealPlayer	RealNetworks	01.12.2011	117,9MB	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.08.2008	26,2MB	6.0.1.5653
Roxio Easy Media Creator 10 LJ	Roxio	01.12.2008	5,25MB	10.1
ScanSoft OmniPage SE 4.0	Nuance Communications, Inc.	11.07.2009	153,0MB	15.00.0020
Setting Utility Series	Sony Corporation	10.08.2008	11,4MB	4.1.00.07300
Skype Click to Call	Skype Technologies S.A.	14.10.2011	5,72MB	5.6.8442
Skype™ 5.8	Skype Technologies S.A.	11.02.2012	19,1MB	5.8.154
SonicStage Mastering Studio Audio Filter	Sony Corporation	25.08.2008	12,7MB	2.5
SonicStage Mastering Studio Plugins	Sony Corporation	25.08.2008	30,2MB	2.5
Sony Ericsson Media Manager 1.1	Sony Ericsson	27.12.2008	62,5MB	1.1.550
Sony Ericsson PC Companion	Sony Ericsson	17.06.2011	65,8MB	2.01.192
Sony Ericsson PC Suite		25.12.2008	41,9MB	2.10.46
Sony Ericsson PC Suite 4.010.00	Sony Ericsson	27.12.2008	40,8MB	4.010.00
Sony Ericsson Update Service	Sony Ericsson Mobile Communications AB	17.06.2011	227MB	2.11.6.12
Sony Picture Utility	Sony Corporation	25.08.2008	229MB	3.2.02.06170
Sony Video Shared Library	Sony Corporation	25.08.2008	4,06MB	3.4.00
Uninstall 1.0.0.1		10.02.2011	16,2MB	
Unterstützung für VAIO-Präsentation	Sony Corporation	25.08.2008	3,55MB	1.0.00.04240
VAIO Content Folder Setting	Sony Corporation	25.08.2008	6,77MB	2.0.00.17290
VAIO Content Metadata Intelligent Analyzing Manager	Sony Corporation	25.08.2008	20,2MB	3.2.00.06115
VAIO Content Metadata Manager Setting	Sony Corporation	25.08.2008	3,15MB	3.2.00.06062
VAIO Content Metadata XML Interface Library	Sony Corporation	25.08.2008	2,57MB	3.2.00.06112
VAIO Control Center	Sony Corporation	10.08.2008	4,65MB	3.1.00.07110
VAIO Data Restore Tool	Sony Corporation	25.08.2008	6,50MB	1.0.04.01170
VAIO DVD Menu Data Basic	Sony Corporation	25.08.2008	543MB	1.0.00.08130
VAIO Edit Components 6.4	Sony Corporation	25.08.2008	34,2MB	6.4
VAIO Energie Verwaltung	Sony Corporation	10.08.2008	6,46MB	3.1.00.08060
VAIO Entertainment Platform	Sony Corporation	25.08.2008	4,66MB	3.2.00.06200
VAIO Event Service	Sony Corporation	10.08.2008	6,18MB	4.1.00.07150
VAIO Launcher	Sony Corporation	25.08.2008	7,50MB	2.1.00.06130
VAIO Marketing Tools	Sony Corporation	01.12.2008	0,53MB	
VAIO Media plus	Sony Corporation	25.08.2008	61,8MB	1.1.00.05240
VAIO Movie Story	Sony Corporation	25.08.2008	57,3MB	1.3.00.06240
VAIO Movie Story Template Data	Sony Corporation	25.08.2008	399MB	1.3.00.06120
VAIO MusicBox	Sony Corporation	25.08.2008	64,5MB	2.1.00.06110
VAIO MusicBox Sample Music	Sony Corporation	25.08.2008	90,2MB	1.1.00.14140
VAIO Original Function Setting	Sony Corporation	25.08.2008	5,30MB	1.4.00.04230
VAIO Smart Network	Sony Corporation	25.08.2008	24,5MB	2.1.00.07300
VAIO Update 4	Sony Corporation	25.08.2008	2,45MB	4.0.0.06110
VAIO Wallpaper Contents	Sony Corporation	10.08.2008	118,6MB	1.2.00.05200
WD Anywhere Backup	Ihr Firmenname	03.12.2008	15,5MB	2.50.2012
WD Diagnostics	Western Digital Technologies	03.12.2008	0,81MB	1.09.0002
WD Drive Manager (x86)	Western Digital	03.12.2008	3,50MB	2.62
WEB.DE Internet Explorer Addon	1&1 Mail & Media GmbH	21.06.2011	0,49MB	1.0.1.0
WEB.DE Softwareaktualisierung	1&1 Mail & Media GmbH	02.08.2011	1,53MB	2.0.1.9
WEB.DE Toolbar für Internet Explorer	1&1 Mail & Media GmbH	12.12.2011	2,52MB	1.7.0.0
WEB.DE Toolbar für Mozilla Firefox	1&1 Mail & Media GmbH	12.12.2011	2,52MB	1.6.4.0
WebTablet FB Plugin	Wacom Technology Corp.	28.11.2011		2.0.0.1
WebTablet IE Plugin	Wacom Technology Corp.	28.11.2011		1.1.0.12
WebTablet Netscape Plugin	Wacom Technology Corp.	28.11.2011	0,75MB	1.1.0.10
WIDCOMM Bluetooth Software 6.2.0.4100	Broadcom Corporation	10.08.2008	75,1MB	6.2.0.4100
WinDVD BD for VAIO	InterVideo Inc.	25.08.2008	102,7MB	8.0-B9.516
WinHTTrack Website Copier 3.43-4	HTTrack	25.04.2009	11,4MB	3.43.4
         
4. - My laptop is extremely slow for anything I do outside the internet.

- Word, Excel and .tmp files have appeared on my desktop that either come from other folders or are completely unknown to me (the .tmp files). Their labels are garbled; I have attached a picture. What should I do now?

- Searching from the Start bar is not possible.

- The Start menu and taskbar keep freezing: "Windows Explorer has stopped responding." - everything has to be closed.

- Today, after the 4th scan, Avira detected the file "data_recovery" as a virus and moved it to quarantine.


Is this information sufficient?

Thanks and best regards!

Attached image thumbnail: desktop.jpg

15.06.2012, 07:56   #6
kira
/// Helper team
 



There are 2 options:
1. Format the hard disk and set up Windows again; then everything is clean and runs perfectly.
2. You tinker around until you can work on the PC again without worry (settings, icons, etc.).
I can help you remove the malware, but you will have to try to sort out manually all the settings that the malware changed!
Some errors, however, can no longer be fixed or repaired.
As the saying goes:
A dead apple tree will not grow healthy apples afterwards!

1.
Do you need this collection of junk??:
Quote:
WEB.DE Internet Explorer Addon 1&1 Mail & Media GmbH 21.06.2011 0,49MB 1.0.1.0
WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,53MB 2.0.1.9
WEB.DE Toolbar für Internet Explorer 1&1 Mail & Media GmbH 12.12.2011 2,52MB 1.7.0.0
WEB.DE Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 12.12.2011 2,52MB 1.6.4.0
Download applications only from the manufacturer!

2.
So did you deliberately add the Trusted Zone entries (O15) to the trusted zone yourself?
Code:
ATTFilter
O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
         
3.
Windows Defender:
Running it actively in parallel with an AV program is not recommended, because the two can get in each other's way. Please deactivate it as follows: -> Enabling and disabling Windows Defender
Disable Windows Defender completely

Start => Control Panel => Classic View => Windows Defender, or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => uncheck "Automatically scan my computer".
Tools => Options => Real-time protection => uncheck "Enable real-time protection".
Tools => Options => Administrator => uncheck "Use this program".

Start => type services.msc into the search box.
The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart, check (if it still exists) under Start -> Run -> "msconfig" (type it without the quotes) -> OK -> Startup whether it is still running, and remove the check mark if necessary.
► Under Services:
Start -> Run -> "Services.msc" (type it without the quotes) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

4.
Quote:
Attention, important!:
If you changed anything in the log file yourself, you must replace it with the original names before pasting it into the script, otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (starting with :OTL and ending with [emptytemp]), everything in the code box (without "code"!):
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = 
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = http://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.12.24 15:41:14 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de
[2011.12.20 20:35:01 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml
[2011.12.20 20:35:51 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml
[2011.12.24 15:41:28 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml
[2012.06.05 12:59:24 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml
[2012.06.05 13:16:36 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml
[2010.12.28 01:00:08 | 000,000,944 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml
[2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
[2012.06.14 23:02:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job
[2012.06.14 22:01:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\-7mVIvHaEUJBdTb
C:\ProgramData\7mVIvHaEUJBdTb
C:\ProgramData\-7mVIvHaEUJBdTbr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

5.
Update Java via Control Panel -> Check for updates...
or:
Now download the offline version of Java, "recommended version Java(TM) 7 Update 4", from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.

6.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

7.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

8.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. uncheck the toolbar box during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Check "Complete Scan" and click "Next"
  • Afterwards all malware found is listed; check every finding and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To view the results: click "Preferences", then "Statistics and Logs"
  • Click "View log", then please save this report and post it here

9.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be checked regularly for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very good and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ►Instructions

10.
-> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

11.
Scan again with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Check LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?
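Added example (not part of the helper's post and not code from OTL): a Python triage of the three OTL line types the post above deals with, namely the O15 trusted-zone entries, the O33 MountPoints2 AutoRun commands and the alternate data stream line. The sample lines are copied from the logs in this thread; the function names and the result layout are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the OTL output quoted in this thread (not constructed).
SAMPLE_LOG = r"""
O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
"""

O15_RE = re.compile(
    r'^O15 - (?P<hive>HKLM|HKCU)\\\.\.Trusted (?P<kind>Domains|Ranges): '
    r'(?P<name>\S+) \((?P<detail>.*)\)$')
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>.+?)\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$')
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


def triage(log_text):
    """Sort OTL lines into trusted-zone, AutoRun and ADS findings."""
    findings = {"trusted_zone": [], "autorun": [], "ads": []}
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O15_RE.match(line)
        if m:
            # The zone name follows the last " in " inside the parentheses.
            zone = m["detail"].rpartition(" in ")[2]
            findings["trusted_zone"].append({
                "hive": m["hive"], "kind": m["kind"],
                "name": m["name"], "zone": zone})
            continue

        m = O33_CMD_RE.match(line)
        if m:
            # Split at the first space: sufficient for this log, where no
            # executable path contains a space.
            exe, _, args = m["cmd"].partition(" ")
            drive = ntpath.splitdrive(exe)[0]
            findings["autorun"].append({
                "mount": m["mount"], "exe": exe, "args": args,
                "drive": drive,
                # No drive letter: the command resolves relative to the volume.
                "relative": drive == ""})
            continue

        m = ADS_RE.match(line)
        if m:
            # "host:stream" - the stream name follows the last colon.
            host, _, stream = m["path"].rpartition(":")
            findings["ads"].append({
                "host": host, "stream": stream, "size": int(m["size"])})
    return findings


def autorun_by_target(findings):
    """Map each AutoRun executable to the mount points that register it."""
    grouped = defaultdict(list)
    for entry in findings["autorun"]:
        grouped[entry["exe"]].append(entry["mount"])
    return dict(grouped)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["trusted_zone"]:
        print("zone   ", entry)
    for exe, mounts in autorun_by_target(result).items():
        print("autorun", exe, "<-", mounts)
    for entry in result["ads"]:
        print("ads    ", entry)
```

Grouping by executable shows at a glance that several MountPoints2 GUIDs cache the same AutoRun command, which is why the fix script lists each of them separately.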

16.06.2012, 14:43   #7
shomg
 



So I would like to go for option 2 and do everything that saves me from reformatting!

Unfortunately it took a while to work through all the points; here are the results:

1. I downloaded the toolbars directly from web.de, and web.de apparently belongs to 1&1. I need the toolbar; I don't know what to do with the rest...

2. No, I don't even know what a trusted zone is?! How do I get the files back out of there?

3. I have deactivated Windows Defender.

4. Fixed everything with OTL.

5. Updated Java.

7. Cleaned the system with CCleaner.

8.
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/15/2012 at 10:44 PM

Application Version : 5.1.1002

Core Rules Database Version : 8743
Trace Rules Database Version: 6555

Scan type       : Complete Scan
Total Scan Time : 02:47:10

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 1025
Memory threats detected   : 0
Registry items scanned    : 37926
Registry threats detected : 0
File items scanned        : 69869
File threats detected     : 1

Adware.Tracking Cookie
	C:\USERS\MC\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZHW2OHP3.txt [ Cookie:mc@ad.zanox.com/ ]
         
10. Scanned with Eset; no infected files were found.

11.

Code:
ATTFilter
OTL Extras logfile created on: 16.06.2012 13:53:38 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,78% Memory free
6,19 Gb Paging File | 3,58 Gb Available in Paging File | 57,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 44,05 Gb Free Space | 19,87% Space Free | Partition Type: NTFS
Drive G: | 1,97 Gb Total Space | 0,66 Gb Free Space | 33,42% Space Free | Partition Type: FAT32
Drive H: | 1,95 Gb Total Space | 1,41 Gb Free Space | 72,07% Space Free | Partition Type: FAT
Drive I: | 7,47 Gb Total Space | 0,53 Gb Free Space | 7,08% Space Free | Partition Type: FAT32
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe | 
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" = 
"DVDx_is1" = DVDx
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" = 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" = 
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 06:23:01 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 07.04.2011 05:40:57 | Computer Name = mc-PC | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 07.04.2011 14:21:00 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.04.2011 14:21:28 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 13.04.2011 04:28:09 | Computer Name = mc-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19019 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: b28  Anfangszeit: 01cbf5511a55f54a  Zeitpunkt
 der Beendigung: 0
 
Error - 13.04.2011 04:40:30 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2011 04:40:36 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.04.2011 18:43:29 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2011 18:43:43 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.04.2011 19:14:51 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
 
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
 
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description = 
 
 
< End of report >
         
Code:
OTL logfile created on: 16.06.2012 13:53:38 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,78% Memory free
6,19 Gb Paging File | 3,58 Gb Available in Paging File | 57,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 44,05 Gb Free Space | 19,87% Space Free | Partition Type: NTFS
Drive G: | 1,97 Gb Total Space | 0,66 Gb Free Space | 33,42% Space Free | Partition Type: FAT32
Drive H: | 1,95 Gb Total Space | 1,41 Gb Free Space | 72,07% Space Free | Partition Type: FAT
Drive I: | 7,47 Gb Total Space | 0,53 Gb Free Space | 7,08% Space Free | Partition Type: FAT32
 
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:04:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 22:04:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.03 22:19:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
PRC - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe
PRC - [2011.09.08 18:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011.09.08 18:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.05.25 11:31:23 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.05.23 09:09:30 | 000,431,616 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.12.04 12:53:24 | 006,997,504 | ---- | M] (Pamela-Systems) -- C:\Programme\Pamela\Pamela.exe
PRC - [2008.08.06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe
PRC - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2008.07.30 16:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe
PRC - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.07.15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008.06.11 19:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.03 20:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.01.30 05:50:26 | 000,438,272 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 22:52:17 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.15 22:52:15 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.15 19:19:25 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.15 19:19:25 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.16 23:27:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012.05.16 23:27:46 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012.05.16 23:27:42 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012.05.16 23:27:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012.05.16 23:27:33 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012.05.16 23:25:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
MOD - [2012.05.16 23:24:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.16 22:54:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.16 22:53:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.16 22:52:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.16 22:46:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.16 22:44:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
MOD - [2011.09.08 18:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll
MOD - [2010.12.17 11:33:12 | 000,204,800 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010.12.13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010.07.28 11:39:19 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2008.12.04 12:53:27 | 000,710,656 | ---- | M] () -- C:\Programme\Pamela\crashrpt.dll
MOD - [2008.12.04 12:53:27 | 000,053,760 | ---- | M] () -- C:\Programme\Pamela\zlib.dll
MOD - [2008.12.04 12:53:25 | 000,856,064 | ---- | M] () -- C:\Programme\Pamela\lng.dll
MOD - [2008.12.04 12:53:25 | 000,643,072 | ---- | M] () -- C:\Programme\Pamela\Plugin\Sound\ACMMP3SoundPlugin.dll
MOD - [2008.08.11 12:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008.08.11 12:51:59 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008.07.30 02:12:31 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.05 13:14:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2009.01.14 01:54:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Programme\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 22:04:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 22:04:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.12 12:34:19 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.11.12 12:34:19 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.30 02:12:26 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.06.28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.28 02:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.06.21 02:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.04.23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007.04.23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.04.04 13:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007.04.04 13:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716obex.sys -- (s716obex)
DRV - [2007.04.04 13:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007.04.04 13:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007.04.04 13:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.04 13:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007.04.04 13:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 2B 58 3C 15 4B CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\..\SearchScopes,DefaultScope = {C69BCB98-A432-446B-B386-801C024A295A}
IE - HKCU\..\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 18:46:48 | 000,000,000 | ---D | M]
 
[2008.12.17 10:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions
[2012.06.05 13:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions
[2011.12.24 15:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.24 15:41:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.04 17:09:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.24 15:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.06.05 13:09:12 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml
[2011.12.18 14:29:14 | 000,000,168 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif
[2011.12.18 14:29:14 | 000,000,618 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src
[2012.06.15 18:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 18:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\MC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UUHCHZQ9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE
[2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15169 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.15 19:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2012.06.15 19:39:29 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.15 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Local\Deployment
[2012.06.15 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Local\Apps
[2012.06.15 19:18:52 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.15 19:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.15 19:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.15 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.15 18:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.15 18:46:48 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.15 18:46:47 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.15 18:46:47 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.15 18:46:47 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.06.15 14:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.15 00:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.15 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.14 23:14:24 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe
[2012.06.14 22:34:43 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe
[2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen
[2012.06.05 13:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 13:32:56 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 13:32:56 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 09:32:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 23:16:46 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.15 23:16:46 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.15 23:16:46 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.15 23:16:46 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.15 22:56:27 | 000,000,983 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.15 22:49:16 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 22:48:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.15 19:18:44 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.15 19:02:41 | 000,346,354 | ---- | M] () -- C:\Users\mc\Documents\cc_20120615_190133.reg
[2012.06.15 18:46:15 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.15 18:46:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.15 18:46:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.06.15 18:46:14 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.15 18:46:13 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.06.15 00:21:34 | 000,039,675 | ---- | M] () -- C:\Users\mc\Desktop\desktop.jpg
[2012.06.14 23:14:25 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe
[2012.06.14 22:34:45 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe
[2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe
[2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.04 13:02:33 | 000,008,188 | ---- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat
[2012.06.02 11:41:06 | 000,051,200 | ---- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.06.15 19:18:44 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.15 19:01:41 | 000,346,354 | ---- | C] () -- C:\Users\mc\Documents\cc_20120615_190133.reg
[2012.06.15 00:21:33 | 000,039,675 | ---- | C] () -- C:\Users\mc\Desktop\desktop.jpg
[2012.06.10 23:55:03 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg
[2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg
[2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.11.02 22:42:38 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.06.15 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH
[2008.12.26 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\AD ON Multimedia
[2012.05.01 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Applian FLV and Media Player
[2010.01.28 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Bytemobile
[2009.07.26 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Canon
[2009.02.24 02:28:30 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\com.adobe.ExMan
[2010.10.25 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.06.15 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Dropbox
[2011.02.11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoft
[2010.09.22 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.11 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\HaCon
[2010.07.23 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ICQ
[2011.05.27 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\IrfanView
[2009.02.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Leadertech
[2008.12.28 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Mobile Master
[2011.09.12 21:41:35 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\MyPhoneExplorer
[2009.03.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Pamela
[2009.07.12 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ScanSoft
[2010.11.02 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Sony
[2010.03.07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Teleca
[2010.01.28 18:04:54 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone
[2010.01.28 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone Mobile Connect
[2010.10.01 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Wacom
[2010.10.01 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.10.01 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\WTouch
[2012.06.15 22:48:19 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
12. - Start bar and taskbar no longer freeze
- Searching via the Start bar works again
- The icons that disappeared are still gone (but I can live with that)
- The PC still responds slowly, but fortunately nothing freezes any more

One question: I have bought a new external hard drive so that I can back up the data from my PC to it after the "cleaning". When will that be possible, or would you advise me to do so or against it?

Today I additionally ran Avira, since it was the only program that had detected the data_recovery virus. The following result actually looks good..?!

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012  16:49

Es wird nach 3840974 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MC-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 20:04:38
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 20:04:38
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 20:04:43
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 20:04:45
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 20:04:03
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 15:52:04
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 15:52:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:00:19
VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 20:03:50
VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 20:03:50
VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 20:03:50
VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 20:03:50
VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 20:03:50
VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 20:03:50
VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 20:03:50
VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 20:03:50
VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 20:03:50
VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 20:04:05
VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 20:04:10
VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 10:33:47
VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 20:01:12
VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 20:01:15
VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 20:26:12
VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 20:25:56
VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 11:01:56
VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 11:02:01
VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 13:23:37
VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 20:08:58
VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 20:08:59
VBASE026.VDF   : 7.11.32.251   119296 Bytes  14.06.2012 20:06:36
VBASE027.VDF   : 7.11.32.252     2048 Bytes  14.06.2012 20:06:36
VBASE028.VDF   : 7.11.32.253     2048 Bytes  14.06.2012 20:06:36
VBASE029.VDF   : 7.11.32.254     2048 Bytes  14.06.2012 20:06:36
VBASE030.VDF   : 7.11.32.255     2048 Bytes  14.06.2012 20:06:36
VBASE031.VDF   : 7.11.33.28     55296 Bytes  15.06.2012 20:06:36
Engineversion  : 8.2.10.92 
AEVDF.DLL      : 8.1.2.8       106867 Bytes  02.06.2012 07:17:50
AESCRIPT.DLL   : 8.1.4.26      450939 Bytes  14.06.2012 20:18:23
AESCN.DLL      : 8.1.8.2       131444 Bytes  13.02.2012 15:53:21
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 20:18:31
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.16.18     807287 Bytes  14.06.2012 20:18:19
AEOFFICE.DLL   : 8.1.2.36      201082 Bytes  14.06.2012 20:18:07
AEHEUR.DLL     : 8.1.4.46     4923767 Bytes  14.06.2012 20:18:04
AEHELP.DLL     : 8.1.21.0      254326 Bytes  10.05.2012 20:03:52
AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 20:16:08
AEEXP.DLL      : 8.1.0.52       82293 Bytes  14.06.2012 20:18:32
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 20:25:58
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 20:04:35
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 20:04:38
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 20:04:45
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 20:04:37
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 20:04:37
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 20:04:44
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 20:04:38
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 20:04:43
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 20:04:36
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 20:04:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 16. Juni 2012  16:49

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcbuilder.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pamela.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'LANUtil.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BambooCore.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrUI.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMgr.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'VAIOUpdt.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrSvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMService.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ieconfig_1und1_svc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NSUService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkAudioService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3749' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\ICQ6.5\ConfigFiles\TopSearches.7z
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files\ICQ6.5\ConfigFiles\TopSearchesDe.7z
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\mc\Documents\ADBEIDSNCS4_LS4.7z
  [WARNUNG]   Dieses Archiv wird nicht unterstützt
C:\Users\mc\Documents\indes\ADBEIDSNCS4_LS4.7z
  [WARNUNG]   Dieses Archiv wird nicht unterstützt
C:\Users\mc\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt


Ende des Suchlaufs: Samstag, 16. Juni 2012  21:39
Benötigte Zeit:  4:50:14 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35544 Verzeichnisse wurden überprüft
 939495 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 939495 Dateien ohne Befall
   6573 Archive wurden durchsucht
      5 Warnungen
      0 Hinweise
 1079043 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMService.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ieconfig_1und1_svc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NSUService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkAudioService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3749' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\ICQ6.5\ConfigFiles\TopSearches.7z
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files\ICQ6.5\ConfigFiles\TopSearchesDe.7z
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\mc\Documents\ADBEIDSNCS4_LS4.7z
  [WARNUNG]   Dieses Archiv wird nicht unterstützt
C:\Users\mc\Documents\indes\ADBEIDSNCS4_LS4.7z
  [WARNUNG]   Dieses Archiv wird nicht unterstützt
C:\Users\mc\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt


Ende des Suchlaufs: Samstag, 16. Juni 2012  21:39
Benötigte Zeit:  4:50:14 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35544 Verzeichnisse wurden überprüft
 939495 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 939495 Dateien ohne Befall
   6573 Archive wurden durchsucht
      5 Warnungen
      0 Hinweise
 1079043 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Last edited by shomg (16.06.2012 at 14:50)

16.06.2012, 21:35   #8
shomg


Sorry, accidental triple post; my internet connection was acting up. My post can be deleted.

Last edited by shomg (16.06.2012 at 22:27)

17.06.2012, 06:10   #9
kira
/// Helper team


Quote:
Quote from shomg
- The icons that disappeared are still gone (but I can live with that)

Right-click on the desktop and choose -> New -> Shortcut ... Select the program shortcut you want

1.
You can uninstall SUPERAntiSpyware and Malwarebytes

2.
Quote:
Important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTLPE
  • Start OTLPE
  • Copy the following script (unchanged, including :OTL):
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {C69BCB98-A432-446B-B386-801C024A295A}
IE - HKCU\..\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}: "URL" =ttsu={searchTerms}

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Run Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread inside code tags.

3.
Download -> TrendMicro™ HijackThis™/Version 2.0.4 from here
Quote:
No open windows while HijackThis is running!! -> start HijackThis -> click "Do a system scan and save a logfile" (wait briefly) -> "select" the resulting logfile -> "copy" -> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
__________________

Warning!:
Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Last edited by kira (17.06.2012 at 06:15)

17.06.2012, 09:25   #10
shomg

Good morning!

Everything is back on the desktop; as described above, it is just a few icons in the Quick Launch bar that are not shown with their proper logo. I see a white window instead.

1. I have uninstalled SUPERAntiSpyware; I would like to keep Malwarebytes.

2. Fixed with OTL

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C69BCB98-A432-446B-B386-801C024A295A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C79D9791-75BC-488F-AE8D-90B5250E3A68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE168992-EA82-4A01-9158-63DE74B6CFFC}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\mc\Desktop\cmd.bat deleted successfully.
C:\Users\mc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mc
->Temp folder emptied: 28314562 bytes
->Temporary Internet Files folder emptied: 37164663 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1084 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24339994 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 86,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06172012_095440

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
3. HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:37, on 17.06.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Pamela\Pamela.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\pamela.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = mc\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: hxxp://194.94.120.105 (HKLM)
O15 - Trusted IP range: hxxp://194.94.120.105
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: webde - {8FAF0273-9CA8-4EFC-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17034 bytes
         
How do things look at the moment, do you think we can get this fixed?

17.06.2012, 19:20   #11
kira
/// Helper team

1.
You can uninstall:
Malwarebytes' Anti-Malware

2.
Recommendations/suggestions:

When Windows boots, a number of programs that have registered themselves in autostart (with or without the user's consent) are started along with it.
The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily always need from autostart. Untick everything that should not start.
The programs themselves remain installed; if you need one, you can start it manually at any time!

Code:
You should never disable:
Graphics driver
Firewall
Antivirus program
Sound
         
It is always user-specific (there is no universally valid recipe); I can give you tips

► Vista and Win7: "Start -> All Programs -> Accessories -> Run" .. and enter "msconfig" (without the "") -> OK -> Startup -> remove the tick
In your place I would remove the following programs from autostart:
(Autostart entries that you cannot find can simply be fixed with HijackThis:
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC)
HijackThis creates a backup; if something goes wrong during "fixing", the objects can be restored under "View the list of backups"

Code:
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\pamela.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
         
Attention!:
For the listed programs it additionally applies that after an update (AfterUpdate) you have to check again under Startup and Services and, if necessary, disable them again!

3.
Post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!
► Right-click HijackThis -> choose "Run as administrator"... (Vista and Win 7)

► Has there been a noticeable improvement?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
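
The O4 lines in the list above all have the same shape (hive, key, value name in brackets, command line), so they can be triaged mechanically before anything is unticked or fixed. The following is an added example, not part of the post and not HijackThis code: it parses the HKLM/HKCU form seen in this log and marks entries whose image path is unquoted with spaces or written as an 8.3 short name; the function names and the two checks are assumptions chosen for illustration.

```python
import re

# Four O4 lines copied from the list above (sample input).
SAMPLE = r'''
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Unquoted commands: take the path up to the first executable extension.
EXE_END_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', re.I)
SHORT_NAME_RE = re.compile(r'~\d')  # 8.3 alias such as PROGRA~1

def split_command(cmd):
    """Split a Run value into (image path, arguments, was_quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_END_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or '', False
    return cmd, '', False

def parse_o4(line):
    """Return a dict for one O4 line, or None if the line has another shape."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    image, args, quoted = split_command(cmd)
    notes = []
    if not quoted and ' ' in image:
        notes.append('unquoted path with spaces: image/argument boundary is ambiguous')
    if SHORT_NAME_RE.search(image):
        notes.append('8.3 short name: resolve to the long path before judging the entry')
    return {'hive': hive, 'key': key, 'name': name,
            'image': image, 'args': args, 'notes': notes}

def review(log_text):
    """Parse every O4 line in a HijackThis log; other lines are skipped."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == '__main__':
    for e in review(SAMPLE):
        print(e['hive'], e['name'], '->', e['image'], e['notes'] or 'ok')
```
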

Old 18.06.2012, 11:42   #12
shomg



I have manually removed from autostart some of the programs you recommended.

However, before I fix anything with HijackThis, I would like to know what to make of this message, which appears when I click "Scan" and which I have attached. Can I ignore it, or what should be done?

In addition, a "catalyst control centre" error message appears after I have restarted the PC... I have attached that as well.

Attached thumbnails: hijackthis.jpg, catalyst-control-centre.jpg

Old 21.06.2012, 22:26   #13
shomg



Hello Kira,

I would be glad if you [or someone else, in case you are unavailable for longer] could comment on this again, so that the matter can (hopefully) be closed.

Many thanks and best regards

Old 29.06.2012, 04:46   #14
kira
/// Helper Team



Sorry, I could not reply earlier because I was on holiday.

Quote:
Quote from shomg
However, before I fix anything with HijackThis, I would like to know what to make of this message, which appears when I click "Scan" and which I have attached.
On Vista and Win7:
Right-click HijackThis -> select "Run as administrator"

Old 29.06.2012, 10:37   #15
shomg



I almost thought so!

Unfortunately, the "Run as administrator" function is not available for me?! See attachment.
Attached thumbnail: admin.jpg
