| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich E-mail durch Keylogger gehacktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.05.2013, 23:04
| #1 |
| |  Wahrscheinlich E-mail durch Keylogger gehackt HalloTrojaner-Board-Team, Nun ist es so weit, mich haben sie auch erwischt. Ich fang aber mal von vorne an. Also heute Morgen wollte ich mich über meinen Laptop auf mein Email-Konto einloggen nur wurde mir dann gesagt, dass mein Passwort nicht korrekt wäre und kurze Zeit später habe ich dann vom Postmaster eine nette bzw. es waren gleich 12 Emails erhalten von nicht übertragenen Emails, die ich niemals versenden konnte, da ich keinen Zugriff auf besagtes Konto hatte. Als ich über mein Smartphone dieser dubiosen Nachricht nachgehen wollte, konnte ich auch dort nicht mehr auf mein E-Mail-Konto zugreifen, weil ich nicht mehr über das aktuelle Passwort verfügte. Dies alles geschah innerhalb von zwei vielleicht drei Minuten. Danach hab ich mich der Wiederherstellung meines Email-Kontos gewidmet, was einen unerwarteten Zeitaufwand mit sich brachte, da sogar meine Recovery-Email-Adresse geändert wurde. Was das ganze noch interessanter macht ist, dass ich seit ca. 5 Tagen nicht mehr über einen PC oder Laptop auf mein Email-Konto zugegriffen habe, sondern lediglich mich der Email-Funktion meines Smartphones oder meines Tablets bedient habe (beide haben die neuste Version von Android als "Betriebssystem"). Im Anschluss daran habe ich zunächst einen Virenscan durchgeführt und zeitgleich auf die Suche nach kompetenter Hilfe gemacht und bin auf euer Forum gestoßen. Der Virenscan hat einige Zeit beansprucht mit dem Ergebnis, dass nichts gefunden wurde. Danach hab ich mich an euren Leitlinien halten durch die einzelnen Punkte durchgearbeitet, um diesen Threat zu öffnen. Ich bin in der Regel ein überaus vorsichtiger Mensch, was das downloaden und installieren von Programmen aus dem Internet angeht und habe auch seit Tagen, wenn nicht seit Wochen kein neues Programm installiert; Sei es aus dem Internet oder über ein Speichermedium. Daher kann ich mir das Verhalten nicht erklären und das meine Antiviren-Programm (Avista Antivir) meinem Laptop eine weiße Weste bescheinigt macht mich nur argwöhnischer. Daher bitte, bitte hilft mir! Auf dem Laptop befinden sich auch sensible Datein und auch wenn die Daten gesichert sind, wäre es schade den Laptop formatieren zu müssen. Die Logs folgen direkt auf den Text, ich möchte mich nur mal im Voraus für euer bemühen bedanken! LG OTL Code:
ATTFilter OTL logfile created on: 22.05.2013 16:50:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,23% Memory free 4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,50 Gb Total Space | 46,23 Gb Free Space | 33,14% Space Free | Partition Type: NTFS Drive D: | 149,04 Gb Total Space | 69,93 Gb Free Space | 46,92% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.22 14:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Onur Dogan\Desktop\OTL.exe PRC - [2013.05.09 15:22:23 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.31 23:57:48 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.31 23:57:29 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.31 23:57:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.06.17 12:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.07.24 19:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.07.03 10:31:46 | 001,772,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2007.07.03 10:31:46 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.06.26 02:39:42 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.06.14 08:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.06.11 18:27:14 | 000,317,560 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.08.01 07:34:44 | 000,064,000 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2007.07.03 10:07:34 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll ========== Services (SafeList) ========== SRV - [2013.05.17 21:09:57 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 22:49:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.31 23:57:48 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.31 23:57:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.05 06:34:38 | 000,533,440 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2013.01.05 05:50:28 | 000,078,664 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2013.01.05 05:17:14 | 000,444,864 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2013.01.05 05:16:24 | 000,390,080 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.26 14:16:14 | 000,092,632 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.08.01 10:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV - [2011.08.01 10:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService) SRV - [2011.08.01 10:11:32 | 000,263,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService) SRV - [2011.06.17 12:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011.06.17 12:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Stopped] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2010.11.05 04:01:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.12.17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device) SRV - [2008.05.23 14:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.03.17 11:06:04 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2008.02.15 11:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.01.19 21:54:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2006.12.22 08:31:50 | 000,108,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA) DRV - [2013.03.31 23:57:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.31 23:57:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.31 23:57:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.01.05 05:46:10 | 000,037,208 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV - [2013.01.05 05:32:30 | 000,036,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.06.17 12:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011.06.17 12:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011.06.17 12:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011.06.17 12:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011.06.17 12:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPwdefs.sys -- (Pgpwdefs) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2010.01.09 01:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2009.07.24 16:20:28 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008.04.17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.09.06 13:47:38 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.08.03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.08.01 02:18:30 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.07.13 08:14:36 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.27 19:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.20 02:00:55 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.20 02:00:55 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.06 10:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{68AFBA5D-509A-4A39-ACEC-7179DA3B04A7}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{68AFBA5D-509A-4A39-ACEC-7179DA3B04A7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_de IE - HKCU\..\SearchScopes\{91675795-1C57-4982-942D-D6AFA2815361}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{ABA0B851-22DF-4C04-9587-B7753DCA2064}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: o2cplayer%40eleco.com:2.0.0.65 FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.1.9 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.5 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {57AA0512-7BC0-4376-AD93-64EFF6C661F5}:1.1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.14 20:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.17 21:10:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.17 21:09:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.17 21:10:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.17 21:09:49 | 000,000,000 | ---D | M] [2012.09.18 17:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.18 17:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.16 13:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\40h4kned.default\extensions [2013.05.16 13:55:11 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\40h4kned.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.06 16:47:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\40h4kned.default\extensions\ich@maltegoetz.de [2012.12.07 04:20:07 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\40h4kned.default\extensions\o2cplayer@eleco.com [2013.01.24 15:00:59 | 000,027,545 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\edit-bookmark-plus@kashiif-gmail.com.xpi [2013.04.30 12:41:24 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\personas@christopher.beard.xpi [2013.03.29 17:11:17 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\smarterwiki@wikiatic.com.xpi [2013.03.29 16:14:44 | 000,057,713 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\tabscope@xuldev.org.xpi [2012.10.28 19:16:07 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\translator@zoli.bod.xpi [2013.05.14 14:25:30 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.05.09 15:23:13 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.05.09 15:35:38 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.22 00:57:23 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.02.22 20:41:36 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2009.11.20 13:36:25 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\searchplugins\bing.xml [2010.06.15 00:31:50 | 000,000,943 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\40h4kned.default\searchplugins\conduit.xml [2013.05.17 21:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.05.17 21:09:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.05.17 21:09:47 | 000,000,000 | ---D | M] (Family Toolbar) -- C:\Program Files\mozilla firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2013.05.17 21:09:47 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com [2013.05.17 21:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013.05.17 21:09:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe () O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.10.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{089BB120-765F-4498-8063-A96A5B125BAD}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4860A84F-ECF0-4CB5-99C6-F11FB0DA2D01}: Domain = uni-muenchen.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75FD3CFB-4D51-4A6E-9905-E91193F4F432}: DhcpNameServer = 8.8.8.8 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1c4d0f80-5483-11e0-bfe8-001bfb8b3b1c}\Shell - "" = AutoRun O33 - MountPoints2\{1c4d0f80-5483-11e0-bfe8-001bfb8b3b1c}\Shell\AutoRun\command - "" = H:\browsercall.exe PRE_USB-Stick_080607.ppt O33 - MountPoints2\{37a7f133-8f40-11df-9160-001bfb8b3b1c}\Shell - "" = AutoRun O33 - MountPoints2\{37a7f133-8f40-11df-9160-001bfb8b3b1c}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{454304c6-fa13-11de-b1ae-001bfb8b3b1c}\Shell - "" = AutoRun O33 - MountPoints2\{454304c6-fa13-11de-b1ae-001bfb8b3b1c}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk:c) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 14:04:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.22 13:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.05.22 13:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.22 13:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.22 13:25:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.22 13:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.17 21:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.09 15:23:47 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.22 16:49:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 16:22:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 14:07:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.22 14:05:26 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.22 14:05:17 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.22 14:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.22 13:25:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.22 13:00:34 | 000,253,610 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2013.05.22 12:55:51 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 12:55:51 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 12:47:22 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 12:47:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.05.22 12:47:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 12:47:08 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 15:17:47 | 000,253,610 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2013.05.16 22:40:03 | 000,444,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 13:54:46 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.16 13:54:46 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.16 13:54:46 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.16 13:54:46 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.09 15:22:37 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.08 14:39:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf [2013.05.08 14:39:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf [2013.04.26 15:31:46 | 000,018,537 | ---- | M] () -- C:\Users\***\Documents\Bestaetigung_Bildupload.aspx [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.22 14:07:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.22 14:05:25 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.22 14:05:16 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.22 13:25:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.08 14:39:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf [2013.05.08 14:39:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf [2013.04.26 15:31:45 | 000,018,537 | ---- | C] () -- C:\Users\***\Documents\Bestaetigung_Bildupload.aspx [2013.03.10 20:13:44 | 000,000,000 | ---- | C] () -- C:\Users\***\NCBI.INI [2013.03.10 20:12:02 | 000,000,295 | ---- | C] () -- C:\Users\***\SEQUIN.INI [2012.12.22 14:56:01 | 000,000,106 | ---- | C] () -- C:\Users\***\.Xauthority [2012.08.16 18:10:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.11.16 01:29:45 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.09.12 02:20:57 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2011.06.17 12:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011.05.31 21:39:15 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011.04.26 16:24:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.14 13:52:08 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.14 15:05:31 | 000,000,281 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2009.12.13 21:18:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.13 18:48:53 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2009.07.14 01:11:12 | 000,000,087 | R-S- | C] () -- C:\Users\***\AppData\Roaming\usernt.dat [2009.03.26 23:57:57 | 006,971,034 | ---- | C] () -- C:\Users\***\Charlies Engel.psd [2008.01.23 16:38:51 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2007.12.30 21:28:10 | 000,253,610 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2007.12.30 21:28:10 | 000,253,610 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.12.12 02:39:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5600-6600 Series [2009.12.12 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development [2009.12.12 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Installer [2009.12.12 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Programme [2010.05.09 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop [2012.08.22 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2009.12.12 03:55:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2010.05.10 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Composer [2013.05.22 12:48:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.03.17 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.03.17 20:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2013.05.10 00:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.04.12 00:00:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FUJIFILM [2009.11.01 16:33:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.12.12 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2009.12.13 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.12.12 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexmark Productivity Studio [2012.11.22 01:53:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusE [2010.04.12 01:56:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyHeritage [2008.04.25 18:27:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.09.21 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation [2010.08.14 13:51:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2009.12.12 02:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos [2009.12.12 02:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca [2009.12.13 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2012.09.18 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2013.05.11 00:26:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2009.12.12 02:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2010.01.05 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital [2010.07.14 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western DigitalTemp ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\musik2.jpg:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 16:50:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,23% Memory free
4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,50 Gb Total Space | 46,23 Gb Free Space | 33,14% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 69,93 Gb Free Space | 46,92% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035695F1-9743-413B-9036-F6ECE587A89D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1884480E-9936-4F67-93D1-5EE29A88806C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{237E34AC-DFD7-4831-AA8E-C6197FD62C49}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{294BB26A-950F-48B1-B8DB-561CB4AB71D8}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{32824C87-22CF-47D6-BC2F-9B893D5F585C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{35889330-69A8-4C5A-807B-85E8F9D77A3F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3B82FD21-576F-4039-838D-7ADF0A685AF0}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{6A6B577E-1BED-4A0B-B15C-797A088CC97B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74588AD4-5AC3-4FD8-BD89-A3B1E7764F26}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{89F8AE04-F47D-4AC9-9075-81B541C8BFA8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{BA361F9D-3BAA-4BBD-A215-4C81334F45D7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C89CE761-D706-473B-9D0C-79A2AC9E446F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{FB537991-4DE4-414C-81B1-39497446360F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F1EC82-2394-4FBE-A8E9-144FDDCEB38C}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{08F2406A-F896-4857-85CE-69E737BA9C28}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe |
"{1AE5A3AA-B6C0-4511-B2B7-34ECB8D64BB0}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{239253F5-4B13-4F13-BABC-C3B7CD80AF8A}" = protocol=6 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\detection\launcher.exe |
"{2466B3AA-BEE5-4795-85D2-EF170C88592A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{29E12ACF-85A7-49BA-AD95-A5EBC2EAD3A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{318DC3D8-C085-4C4D-9DC8-C500B2BDBBFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{33534328-FC38-4208-9EB2-EC37CC80185E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{40215A05-4B38-4229-8F49-99A242567521}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4053B4BF-9FEA-4621-BE2E-CCA5AE81FFED}" = protocol=17 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\yeti_final_win32.exe |
"{4F36D0C5-ABAC-41BF-8BA5-10E821C922A1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5127EEC1-E7EB-40A9-82BF-A7563EBC01B2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5E6F4EAD-E598-4152-BEA7-32A6610A9E3E}" = protocol=6 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\yeti_final_win32.exe |
"{6844E314-6B58-4154-B507-1CCDD6514D73}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{6B4CE230-AA47-4CA2-A888-5A70C25560C6}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{6EECB3D6-7625-4A75-951D-912F26CB2BF3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{70F7B028-F437-4415-B75C-9206DF891C2E}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe |
"{87F99ACD-4289-4911-AE17-714610ADFF6D}" = protocol=17 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\gu.exe |
"{8D9C7DE8-B539-4E8C-8EF2-F78860908339}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8DB4437D-78CB-41AE-84D6-4C1678A699A1}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{A969766F-73C4-4320-844C-F9BD0808C419}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A997E723-3346-4D5F-B9DA-967327E0A1F0}" = protocol=17 | dir=in | app=c:\users\onur dogan\appdata\roaming\dropbox\bin\dropbox.exe |
"{AB6A5648-541A-4F5A-A699-85744DEDD1BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0B29B35-0DF9-408B-B855-AC16D349493D}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{B167A211-A2EB-4A36-A58A-BF1135363628}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{BA03F827-D13F-4F7C-B261-1D96AE9140A0}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{C583AD6B-49C4-4CC5-B5F9-D7E767B3723C}" = protocol=6 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\gu.exe |
"{C65F5863-BC9E-4264-8729-8428AEECB639}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C70CC3E4-3475-4CF5-B846-6D4DD8A4A6CE}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{C8F59B1C-FF4F-4807-A572-E908243E6694}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D0A870F1-DCAB-46F4-8193-8764EF602C74}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D626F93C-E2D7-44F6-9FB1-40763C526CDB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8212A9E-322B-4344-BE5A-0233E7EACD1A}" = protocol=17 | dir=in | app=d:\spiele\lost(r) via domus\lost via domus\detection\launcher.exe |
"{EFB538AA-A7FC-4220-8438-529CF8811422}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2940622-7178-47EC-9708-1B4F5B72C4A0}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F5A1081C-C8D8-4D60-9258-3CAD033CFECA}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"TCP Query User{075CE93D-EC98-45D0-929B-96A7DC50BFBB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{1746368C-505B-4088-AF82-B6AA528A6DBE}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"TCP Query User{3258DD1C-6DF9-4B19-8DAC-49C0202DAB81}C:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\javaw.exe |
"TCP Query User{3E916FB5-564D-4A7C-9E05-350257D1D7E4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5EB33BAB-D58F-4644-8A21-806DC9EE967A}C:\program files\x2goclient\sshd.exe" = protocol=6 | dir=in | app=c:\program files\x2goclient\sshd.exe |
"TCP Query User{82685BAF-6470-4131-8940-FFEF87A5E9A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{83F0D3E0-44BD-498E-A0DF-B9950B39CEF5}C:\program files\sony\vaio media registration tool\vmpclient.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio media registration tool\vmpclient.exe |
"TCP Query User{8C239D1D-36B5-4FF2-938A-E054A5577835}C:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\java.exe |
"TCP Query User{90BCE46E-695C-4EC7-BADE-882A5B4E77D8}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{9B2742EB-3DAF-4D33-8D7B-99190CAEDD3D}C:\program files\x2goclient\pulse\pulseaudio.exe" = protocol=6 | dir=in | app=c:\program files\x2goclient\pulse\pulseaudio.exe |
"TCP Query User{AD6FDB79-3C42-4BAC-811A-797D46DD500E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{CE42EB5B-60E9-41C0-846E-D111E4A1F352}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"TCP Query User{CFB6BA58-F580-4E4D-B88F-8304DC96EC6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{018A8111-FBF9-4A87-898E-E0400F91FB10}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{38AD33F9-D7D5-464D-9E18-B5722D553FB1}C:\program files\x2goclient\sshd.exe" = protocol=17 | dir=in | app=c:\program files\x2goclient\sshd.exe |
"UDP Query User{4BA0132C-50ED-4243-9697-6294CDFFD648}C:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\javaw.exe |
"UDP Query User{4DA4D2F2-154F-4DFD-A789-099D239895F7}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"UDP Query User{508A1EE9-85C5-4BAF-9DF7-214F61988B4C}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{74C73680-0509-4D8B-98BE-8B219124138E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B065173B-EA4F-4479-8920-34285231CC89}C:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry theme studio 5.0\_jvm\bin\java.exe |
"UDP Query User{C1F20449-2DB3-44D2-B8F3-BBB9C6811E2D}C:\program files\x2goclient\pulse\pulseaudio.exe" = protocol=17 | dir=in | app=c:\program files\x2goclient\pulse\pulseaudio.exe |
"UDP Query User{D14FD02F-70AE-4EE8-A583-DCC819FF453C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E597E212-EDAB-4703-B2BE-FA7FF3917C67}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"UDP Query User{ED155922-7165-40DF-81F9-725DF001CDE5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F78811CA-45FD-49F5-BCED-9D130A27E7C8}C:\program files\sony\vaio media registration tool\vmpclient.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio media registration tool\vmpclient.exe |
"UDP Query User{FD6AD856-B72D-451D-A23C-A8F90D3261B3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1205
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{0AAE6279-45D3-4E87-A8C5-0E6F29BC2C32}" = VAIO Content Importer VAIO Content Exporter
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D88D5E3-3BA1-4B8A-9536-4C4CACFFEC97}" = BlackBerry Device Software v6.0.0 für das BlackBerry 9700-Smartphone
"{3EB47E4E-AEA2-4DCD-BC4C-7191D4E1B3EF}" = VAIO Content Metadata XML Interface Library
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA0CF6F-2C23-4A29-9A3B-CF68207755B4}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6C9FCAE4-E4D5-4465-AAD5-8E1245485E63}" = Steganos Password Manager Free
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6DBC43E3-EA67-46F3-BA2B-93310AF94D85}" = PGP Desktop
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}" = VAIO Content Metadata XML Interface Library
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B06FE058-3C46-40D1-9298-E43CB6CA35C9}" = Click to DVD Menu Data 1.0 for BD
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{CC85B598-5643-4FD0-9AD9-B7B551D2F435}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CF3C170B-D713-4089-84FE-63285B424B95}" = calibre
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD BD 3.0.23
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry Theme Studio 5.0" = BlackBerry Theme Studio 5.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dt icon module" =
"eBay HTML" =
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Family Tree Builder" = MyHeritage Family Tree Builder
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.3.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"gtfirstboot Setting Request" =
"HotspotShield" = Hotspot Shield 2.81
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"JDownloader" = JDownloader
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyTomTom" = MyTomTom 3.2.0.802
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa 3" = Picasa 3
"Quarks&Co Screensaver Screensaver" = Quarks&Co Screensaver Screensaver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"WinRAR archiver" = WinRAR
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1" = FitLive 1.1.10
"Dropbox" = Dropbox
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.05.2013 09:57:33 | Computer Name = ***| Source = Windows Search Service | ID = 9000
Description =
Error - 22.05.2013 09:57:33 | Computer Name = *** | Source = Windows Search Service | ID = 7040
Description =
Error - 22.05.2013 09:57:33 | Computer Name = *** | Source = Windows Search Service | ID = 7042
Description =
Error - 22.05.2013 09:57:33 | Computer Name = *** | Source = Windows Search Service | ID = 1006
Description =
Error - 22.05.2013 10:18:46 | Computer Name = *** | Source = ESENT | ID = 490
Description = Windows (2496) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 22.05.2013 10:18:46 | Computer Name = *** | Source = ESENT | ID = 455
Description = Windows (2496) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error - 22.05.2013 10:18:47 | Computer Name = ***| Source = Windows Search Service | ID = 9000
Description =
Error - 22.05.2013 10:18:47 | Computer Name = *** | Source = Windows Search Service | ID = 7040
Description =
Error - 22.05.2013 10:18:47 | Computer Name = ***| Source = Windows Search Service | ID = 7042
Description =
Error - 22.05.2013 10:18:47 | Computer Name = *** | Source = Windows Search Service | ID = 1006
Description =
[ OSession Events ]
Error - 03.11.2009 13:31:47 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146
seconds with 120 seconds of active time. This session ended with a crash.
Error - 10.12.2009 21:17:21 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.12.2009 20:40:31 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.
Error - 09.02.2011 14:23:55 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.04.2011 11:02:13 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.04.2011 12:55:17 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.05.2011 09:17:39 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.06.2011 16:27:25 | Computer Name = ***| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.06.2011 12:39:10 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.06.2011 02:37:53 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22.05.2013 09:55:09 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.
Error - 22.05.2013 09:55:09 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
16 Mal passiert.
Error - 22.05.2013 09:55:54 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.
Error - 22.05.2013 09:55:54 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
17 Mal passiert.
Error - 22.05.2013 09:57:14 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.
Error - 22.05.2013 09:57:14 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
18 Mal passiert.
Error - 22.05.2013 09:57:34 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.
Error - 22.05.2013 09:57:34 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
19 Mal passiert.
Error - 22.05.2013 10:18:47 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.
Error - 22.05.2013 10:18:47 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
20 Mal passiert.
< End of report >
Falls dieser benötigt wird, kann ich ihn gerne als Archiv hochladen. Aus eurer Anleitung für Hilfesuchende ging aber hervor, dass dies nur getan werden sollte, wenn ihr ausdrücklich darum bittet, daher warte ich erstmal auf eure Antwort. Nochmal Danke!   Kleines Update: Hab jetzt mal ein Quick-scan mit Malwarebytes durchgeführt und dabei wurde ein Malware.Trace entdeckt. Hab dan die entsprechende Datei unter Quarantäne gestellt. Hier der Log Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.22.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 *** :: ***-PC [Administrator] 23.05.2013 00:26:06 mbam-log-2013-05-23 (00-26-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 251305 Laufzeit: 15 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Roaming\usernt.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hab jetzt mal ein Quick-scan mit Malwarebytes durchgeführt und dabei wurde ein Malware.Trace entdeckt. Hab dan die entsprechende Datei unter Quarantäne gestellt. Hier der Log Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.22.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 *** :: ***-PC [Administrator] 23.05.2013 00:26:06 mbam-log-2013-05-23 (00-26-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 251305 Laufzeit: 15 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Roaming\usernt.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Geändert von SWista (22.05.2013 um 23:11 Uhr) |
|
23.05.2013, 12:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Wahrscheinlich E-mail durch Keylogger gehackt Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
23.05.2013, 14:40
| #3 |
| | Wahrscheinlich E-mail durch Keylogger gehackt Hi Cosinus,
__________________Danke für die schnelle Rückmeldung. Ich hab nach dem kompletten Scan der Festplatte mit dem Antivirenprogramm kein weiteren Scan mehr durchgeführt. Leider sind in dem Antivirenprogramm keine älteren Logs als vom 30.04 diseen Jahres und die sind alle soweit sauber, aber natürlich Poste ich diese im Anschluss, wenn du diese einsehen möchtest. Mit Malware hab ich gestern Nacht nochmal einen kompletten Scan durchlaufen lassen, was ziehmlich zeitintensiv war, und dabei ist er tatsächlich nochmal fündig geworden. In einem Ordner von Studiumssachen, die ich von einem Freund vor Jahren bekommen habe. Damals, daran kann ich mich noch gut dran erinnern, hatte mir mein Antivirenprogramm nichts beanstandet und seit dem auch nicht mehr. In dem Bericht steht zwar, dass keine Aktion durchgeführt wurde, aber ich hab die Datei dann ebenfalls in Quarantäne gestellt. Darf ich diese Datein eigentlich von Malwarebytes löschen lassen oder lieber nicht? Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.22.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 *** :: ***-PC [Administrator] 23.05.2013 01:17:14 MBAM-log-2013-05-23 (04-16-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 514692 Laufzeit: 2 Stunde(n), 57 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\Documents\Studium\Rechtliches\Matts TUKram\Wichtige Nachschlagewerke\Daemon Tools (4.06).exe (Adware.WhenU) -> Keine Aktion durchgeführt. (Ende) |
|
23.05.2013, 14:48
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wahrscheinlich E-mail durch Keylogger gehackt Das ist nur ein Adwarefund Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.05.2013, 21:23
| #5 |
| | Wahrscheinlich E-mail durch Keylogger gehackt So, hab alles (hoffentlich) so gemacht, wie angeführt. Der GMER Log ist deutlich zu lang. Soll ich diesen als Archiv anhängen? MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.23.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
*** :: ***-PC [administrator]
23.05.2013 18:24:45
mbar-log-2013-05-23 (18-24-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30614
Time elapsed: 22 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
für eure schnellen Antworten. Da kann sich so mancher kostenpflichtiger Servicedienstleister mindestens eine Scheiben von abschneiden. |
|
23.05.2013, 21:53
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wahrscheinlich E-mail durch Keylogger gehackt ja wenn zu lang, dann bitte gezippt anhängen
__________________ --> Wahrscheinlich E-mail durch Keylogger gehackt |
|
23.05.2013, 22:46
| #7 |
| | Wahrscheinlich E-mail durch Keylogger gehackt GMER Log ist im Anhang. |
|
23.05.2013, 22:48
| #8 |
| | Wahrscheinlich E-mail durch Keylogger gehackt Könntest du vielleich eine Prognose stellen, ob und wie schlimm es aussieht? Danke! |
|
23.05.2013, 22:58
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wahrscheinlich E-mail durch Keylogger gehackt noch ist alles unauffällig aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Wahrscheinlich E-mail durch Keylogger gehackt |
| adobe reader xi, antiviren-programm, applaus, avira, bho, converter, e-mail, ebay, error, firefox, flash player, ftp, home, hotspot, install.exe, installation, internet, logfile, mozilla, mp3, plug-in, prozess, realtek, registry, rundll, scan, security, smartphone, software, svchost.exe, visual studio, windows |
Linear-Darstellung
