
Pests of all kinds and how to fight them: GVU trojan detected and partly deleted

11.01.2013, 00:04   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



AdwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Afterwards, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

11.01.2013, 01:06   #17
wolfk
 



Hello Cosinus,

first I

- closed all open programs and browsers, and then
- started adwcleaner.exe with a double-click.
- After that I pressed the "Löschen" (Delete) button and
answered the following prompts with "OK".
- The computer was restarted and a text file opened,
whose contents I am now posting (attached).

Then the check with OTL

- Double-click OTL.exe and tick the Scan All Users box
in the centre.
- Choose Minimal Output and Use SafeList.
- Click Run Scan at the top left.
- When the scan has finished, the two log files
that were created are to be posted in the thread in CODE tags.
(Attached)

Many thanks for help, advice and procedures.

wolfk

Code:
# AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ##########
         
Code:
OTL logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes
 Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4.
 
Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-10  19:35:36+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE 
UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP.
     
 
Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2013-01-10  19:37:55+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE.
     
 
Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-11  00:50:26+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe.
    Infection: Trojan.Generic.8544936    Action: The file was quarantined.     
 
[ System Events ]
Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         
__________________


11.01.2013, 01:08   #18
wolfk

GVU trojan detected and partly deleted



Hello Cosinus,

first I

- closed all open programs and browsers, then
- started adwcleaner.exe with a double-click.
- Next I pressed the "Delete" ("Löschen") button and
answered the following prompts with "OK".
- The computer was restarted and a text file opened,
whose contents I am now posting (attached).

Then the check with OTL

- Double-click OTL.exe and tick the "scan all users"
box at the top center.
- Select Minimal Output and Use SafeList.
- Click Run Scan at the top left.
- When the scan is finished, the two log files that were
created are to be posted in CODE tags in the thread.
(Attached)

Under today, 00.50, my antivirus program reports
"Trojan.Generic.8544936" removed.

Many thanks for help, tips and procedures.

wolfk

Code:
# AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ##########
         
Code:
OTL logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes
 Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4.
 
Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-10  19:35:36+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE 
UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP.
     
 
Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2013-01-10  19:37:55+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE.
     
 
Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-11  00:50:26+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus   Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe.
    Infection: Trojan.Generic.8544936    Action: The file was quarantined.     
 
[ System Events ]
Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         
__________________

Edited by wolfk (11.01.2013 at 01:19)

15.01.2013, 15:23   #19
wolfk

Reminder about my thread

Hello Cosinus,

I hope your time off was pleasant. I'm sure things will now continue at full power
as always.

Regards

Wolfk

15.01.2013, 16:44   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = consecutive number)

__________________
Please always post log files in CODE tags

15.01.2013, 18:20   #21
wolfk

Hello Cosinus,

I deleted the old adwcleaner, downloaded the file again
and clicked "Suche" (Search). The resulting log file is attached.

By chance I found a Removal.log editor file from my antivirus guard.
I am posting it as well.

Many thanks for your efforts, and have a good start to the week.

Wolfk

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 15/01/2013 um 17:22:16 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [759 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[R3].txt - [878 octets] ##########
         
Here is the Removal-Log.Editor file

Code:
ATTFilter
23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" quarantined success 
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" deleted success reboot
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A END

23.12.2012 16:08:52 Trojan.Generic.KD BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 16:08:53  Trojan.Generic.KD process "3172|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success 
23.12.2012 16:08:53  Trojan.Generic.KD process "3908|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success 
23.12.2012 16:08:54  Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" quarantined success 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" quarantined success 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" quarantined success 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" quarantined success 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" deleted success 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" deleted success 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" deleted success 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 
23.12.2012 16:08:55  Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" deleted success reboot
23.12.2012 16:08:55  Trojan.Generic.KD END

23.12.2012 16:08:55 Trojan.Generic.KD.815879 BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 16:08:55  Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" quarantined success 
23.12.2012 16:08:55  Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" deleted failed reboot
23.12.2012 16:08:55  Trojan.Generic.KD.815879 END

03.01.2013 01:17:55 Trojan.Generic.KD.815879 BEGIN
;
;Log created by USS version 5.1.18250
;
03.01.2013 01:17:55  Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" quarantined success 
03.01.2013 01:17:55  Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" deleted success 
03.01.2013 01:17:55  Trojan.Generic.KD.815879 END

11.01.2013 00:50:26 Trojan.Generic.8544936 BEGIN
;
;Log created by USS version 5.1.18250
;
11.01.2013 00:50:26  Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" quarantined success 
11.01.2013 00:50:26  Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" deleted success 
11.01.2013 00:50:26  Trojan.Generic.8544936 END

11.01.2013 04:39:14 Trojan.Generic.8544936 BEGIN
;
;Log created by USS version 5.1.18250
;
11.01.2013 04:39:14  Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" quarantined success 
11.01.2013 04:39:14  Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" deleted success 
11.01.2013 04:39:14  Trojan.Generic.8544936 END

12.01.2013 17:14:56 Trojan.Script.480412 BEGIN
;
;Log created by USS version 5.1.18250
;
12.01.2013 17:15:24  Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" quarantined success 
12.01.2013 17:15:24  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 
12.01.2013 17:15:24  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" quarantined success 
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed 
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" quarantined success 
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" restored success 
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed 
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" restored success 
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 
12.01.2013 17:15:26  Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" deleted success 
12.01.2013 17:15:26  Trojan.Script.480412 END
         

16.01.2013, 12:18   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

16.01.2013, 13:47   #23
wolfk

Hello Cosinus,

first I closed all open programs and browsers and
then started adwcleaner.exe with a double-click.
After clicking "Löschen" (Delete) and confirming each prompt with "OK",
the computer restarted and the attached text file
opened.

After that, a check with OTL was to be carried out by
double-clicking OTL.exe. Beforehand, a check mark was to be set at
"Scanne alle Benutzer" (Scan All Users), and minimal output and,
under Extra Registry, "Use Safelist" were to be selected. The scan
was started by clicking Run. The 2 log files created after the scan
finished are to be posted in the thread in
CODE tags.

Many thanks for your efforts

wolfk

Log file AdwCleaner[Sx].txt

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]
AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39]

########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ##########
         
2 log files from OTL.exe

Code:
ATTFilter
OTL logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ System Events ]
Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         

16.01.2013, 13:51   #24
wolfk

Hello Cosinus,

first I closed all open programs and browsers and
then started adwcleaner.exe with a double-click.
After clicking "Löschen" and confirming each prompt with "OK",
the computer restarted and the attached text file
opened.

After that, a check with OTL was to be carried out by
double-clicking OTL.exe. Beforehand, "Scanne alle Benutzer"
was to be ticked, and minimal output and,
under Extra Registry, "Use Safelist" were to be selected. The scan
was started by clicking Run. The 2 logfiles created after
the scan finished are to be posted in the thread in
CODE tags.

Many thanks for your efforts

wolfk

Log file AdwCleaner[Sx].txt

Code:
# AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]
AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39]

########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ##########
         
2 Logfiles OTL.exe

Code:
OTL logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ System Events ]
Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         

Alt 16.01.2013, 15:52   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fix with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.
Code:
:OTL
MOD - C:\Programme\vShare\vshare_toolbar.dll ()
MOD - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
SRV - (Winmgmt) -- C:\Users\User\wgsdgsdgdsgsd.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com.anonymize-me.de/?anonymto=687474703A2F2F7673686172652E746F6F6C626172686F6D652E636F6D2F7365617263682E617370783F713D7B7365617263685465726D737D26737263683D647370&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D6965622673797374656D69643D34303626713D7B7365617263685465726D737D&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
[2012.05.03 19:12:04 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com
[2012.02.15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C64BF02A
:Files
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Programme\Windows iLivid Toolbar
C:\ProgramData\dsgsdgdsgdsgw.js
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its content here into your thread
__________________
Please always post log files in CODE tags

16.01.2013, 17:37   #26
wolfk

Hello Cosinus,

I started OTL.exe and copied the contents of the code box
into OTL's Custom Scans/Fixes text box.
No user names needed to be changed. The Fix button was
clicked after all programs and windows had been
closed.

After the restart, the following log was on the
desktop (attached).

Thank you very much for your enormously extensive work.

wolfk

Code:
All processes killed
========== OTL ==========
Error: Unable to stop service Winmgmt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt deleted successfully.
File  C:\Users\User\wgsdgsdgdsgsd.exe File not found not found.
Error: No service named SDWSCService was found to stop!
Service\Driver key SDWSCService not found.
File  C:\Program Files\Spybot File not found not found.
Error: No service named SDUpdateService was found to stop!
Service\Driver key SDUpdateService not found.
File  C:\Program Files\Spybot File not found not found.
Error: No service named SDScannerService was found to stop!
Service\Driver key SDScannerService not found.
File  C:\Program Files\Spybot File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C241842D-C18B-4927-962C-6E030D14110B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found.
Prefs.js: software%40loadtubes.com:1.01 removed from extensions.enabledAddons
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com\ not found.
File C:\Program Files\mozilla firefox\plugins\npmieze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ not found.
Unable to delete ADS C:\ProgramData\TEMP:C64BF02A .
========== FILES ==========
File\Folder C:\ProgramData\dsgsdgdsgdsgw.pad not found.
File\Folder C:\Programme\Windows iLivid Toolbar not found.
File\Folder C:\ProgramData\dsgsdgdsgdsgw.js not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 302 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56806 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 492 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Petra
->Temp folder emptied: 1569483009 bytes
->Temporary Internet Files folder emptied: 851111 bytes
->FireFox cache emptied: 447710438 bytes
->Flash cache emptied: 3624 bytes
 
User: Wolfgang
->Temp folder emptied: 5181326 bytes
->Temporary Internet Files folder emptied: 909314 bytes
->FireFox cache emptied: 140551316 bytes
->Flash cache emptied: 188341 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3914951 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.068,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01162013_172201

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

17.01.2013, 09:33   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

17.01.2013, 14:00   #28
wolfk



Hello Cosinus,

here now is the check with OTL:

It was started by double-clicking OTL.exe; beforehand, the check mark
at "Scan all users" in the center had to be set. In addition, minimal
output and, under "Extra Registry", "Use SafeList" had to be selected. The
program started when "Run Scan" at the top left was clicked.

The 2 log files created after the program finished are to be posted
in the thread in CODE tags (attached).

Thank you very much for your efforts.

wolfk

Code:
OTL logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         

Alt 17.01.2013, 14:02   #29
wolfk
 

Hello Cosinus,

here is the check with OTL:

It was started by double-clicking OTL.exe; beforehand, the checkbox
"Scanne alle Benutzer" (Scan all users) at the top center had to be ticked.
In addition, minimal output and, under "Extra Registry", "Use SafeList" had
to be selected. The program was started by clicking "Run Scan" at the top left.

The 2 logfiles created after the program finished are to be posted in
the thread in CODE tags (attached).

Thank you very much for your efforts.

wolfk

Code:
OTL logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51 
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         

17.01.2013, 16:09   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
:Files
C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
C:\1.htm
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents into your thread here.
__________________
Please always post log files in CODE tags
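
The post above warns that a fix script with a masked user name ("*****") will not work. The following is an added example, not part of the original post and not OTL's own code: it groups a fix script's lines under their ":" section headers, flags Windows paths that still contain a mask, and lists the hosts named in URLs so the script can be reviewed before clicking Fix. The sample script, the profile folder `example.default` and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the fix above; one path has the user name masked.
SAMPLE_FIX = r""":OTL
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&q="
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\example.default\searchplugins\askcom.xml
:Files
C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)\s*$")           # a header line such as ":OTL" or ":Files"
MASK = re.compile(r"\*{3,}")                   # user name hidden as "*****"
URL_HOST = re.compile(r'https?://([^/"\s?]+)', re.I)
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*')  # drive-letter path up to end of line

def parse_fix(text):
    """Group the non-empty lines of a fix script under their ':Section' header."""
    sections, current = {}, "(no section)"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def review(text):
    """Return masked paths, hosts referenced in URLs, and line counts per section."""
    sections = parse_fix(text)
    masked, hosts = [], set()
    for name, lines in sections.items():
        for line in lines:
            hosts.update(h.lower() for h in URL_HOST.findall(line))
            masked += [(name, p) for p in WIN_PATH.findall(line) if MASK.search(p)]
    counts = {name: len(lines) for name, lines in sections.items()}
    return {"masked_paths": masked, "hosts": sorted(hosts), "counts": counts}

if __name__ == "__main__":
    report = review(SAMPLE_FIX)
    for section, path in report["masked_paths"]:
        print(f"masked user name in :{section}: {path}")
    print("hosts:", report["hosts"], "| lines per section:", report["counts"])
```

An empty `masked_paths` list means every path in the script carries a real user name; any entry names the section and path that still has to be corrected by hand.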
