Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt (https://www.trojaner-board.de/122721-tr-atraps-gen-tr-atraps-gen2-tr-rogue-kdv-686334-avira-antivirus-entdeckt.html)

MacSepp 24.08.2012 15:58
TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
 
Guten Tag,
ich bin über google auf Ihr Forum gestoßen.

Auf meinem Notebook vermeldet AVIRA Antivirus alle paar Minuten folgende Funde, die sich nicht mehr löschen lassen:
TR/Atraps.gen
TR/Atraps.gen2
TR/Rogue.kdv.686334

Für Ihre Hilfe, meinen Rechner wieder sauber zu bekommen, möchte ich mich schon im Voraus herzlich bedanken.

Beste Grüße
Sebastian



Der Quickscan mit Malwarebytes Anti-Malware liefert folgendes Ergebnis:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.24.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MacSepp :: GONDWANA2 [Administrator]

24.08.2012 16:33:05
mbam-log-2012-08-24 (16-33-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209258
Laufzeit: 10 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\MacSepp\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MacSepp\AppData\Local\Temp\5007600.exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

t'john 24.08.2012 16:22
:hallo:

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

MacSepp 24.08.2012 22:48
Danke für die zügige Hilfestellung.

Hier schon mal der Log des Vollscans mit Malwarebytes Anti-Malware. Das Ergebnis vom 2. Schritt folgt zugleich.


Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.08.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MacSepp :: GONDWANA2 [Administrator]

24.08.2012 17:27:27
mbam-log-2012-08-24 (17-27-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 448525
Laufzeit: 4 Stunde(n), 43 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

t'john 24.08.2012 22:53
Die OTL Logs?

MacSepp 24.08.2012 22:57
Hier die Ergebnisse vom AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 23:56:42
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : MacSepp - GONDWANA2
# Boot Mode : Normal
# Running from : C:\Users\MacSepp\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****



Da Sie nach den OTL Logs fragen, muss ich doch noch mal nachrfragen: Soll ich nur die von Ihnen oben aufgeführten Schritte 1 und 2 durchführen oder aber auch die Schritte 1-3 von Punkt 2 auf http://www.trojaner-board.de/69886-a...-beachten.html ??


***** [Files / Folders] *****

Folder Found : C:\Users\MacSepp\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1090 octets] - [24/08/2012 23:56:42]

########## EOF - C:\AdwCleaner[R1].txt - [1218 octets] ##########





Da Sie nach den OTL Logs fragen, muss ich doch noch mal nachfragen: Soll ich nur die von Ihnen oben aufgeführten Schritte 1 und 2 durchführen oder aber auch die Schritte 1-3 von Punkt 2 auf http://www.trojaner-board.de/69886-a...-beachten.html ??

t'john 24.08.2012 23:20
Sorry, habe den OTL-Teil vergessen ;)

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.


Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT

MacSepp 24.08.2012 23:50
OTL Logfile:
Code:
OTL logfile created on: 25.08.2012 00:27:11 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\MacSepp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,91% Memory free
5,93 Gb Paging File | 4,47 Gb Available in Paging File | 75,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,24 Gb Total Space | 71,11 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive D: | 170,62 Gb Total Space | 138,54 Gb Free Space | 81,20% Space Free | Partition Type: NTFS
 
Computer Name: GONDWANA2 | User Name: MacSepp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.25 00:23:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\MacSepp\Desktop\OTL.exe
PRC - [2012.08.24 15:37:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.04 18:46:34 | 000,079,008 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realonemessagecenter.exe
PRC - [2012.05.10 00:29:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 00:29:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 00:29:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.17 11:36:08 | 001,015,912 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update Common\VUAgent.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.21 16:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.21 16:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.10.19 15:06:30 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.11.17 19:12:56 | 000,133,664 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009.08.26 09:45:23 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.26 09:45:23 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.10 23:09:32 | 000,284,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\LANUtil.exe
PRC - [2009.08.04 09:58:32 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgr.exe
PRC - [2009.08.04 09:58:32 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.07.23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.07.23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.07.22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.07.06 11:50:48 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMgr.exe
PRC - [2009.07.06 11:50:48 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMService.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.11 14:54:08 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\NSUService.exe
PRC - [2009.04.14 10:50:26 | 000,487,992 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
PRC - [2009.01.08 20:08:54 | 003,344,680 | ---- | M] (Sony Corporation) -- C:\Programme\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.30 02:04:57 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2008.09.30 02:04:57 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2008.09.30 02:04:55 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.08.01 14:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.08.28 10:01:34 | 000,053,248 | ---- | M] (HP) -- C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2007.05.08 16:44:58 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\hppusg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 20:01:03 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 19:54:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 19:53:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.13 19:53:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 19:53:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 19:53:22 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.06.13 19:53:07 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.08 20:18:22 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012.05.08 20:18:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
MOD - [2012.05.08 20:18:21 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.08 20:18:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012.05.08 20:18:18 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012.05.08 20:08:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.08 20:07:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.08 20:07:24 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.05.08 20:07:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.08 20:07:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.08 20:06:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.08 20:06:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.08 20:06:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 04:00:15 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.11.17 18:07:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\4.0.0.4200__1b3c579b6925895f\SPMDam.dll
MOD - [2009.11.17 18:07:41 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\4.0.0.4200__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009.11.17 17:31:52 | 001,736,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:52 | 000,339,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:51 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:50 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:49 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:49 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:49 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:49 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:48 | 000,950,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:48 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:48 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3503.38409__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:48 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:48 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.11.17 17:31:48 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:47 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:47 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.11.17 17:31:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.11.17 17:31:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.11.17 17:31:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.11.17 17:31:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.11.17 17:31:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.11.17 17:31:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.11.17 17:31:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.11.17 17:31:45 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.11.17 17:31:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.11.17 17:31:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.11.17 17:31:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.11.17 17:31:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.11.17 17:31:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.11.17 17:31:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.11.17 17:31:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.11.17 17:31:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.11.17 17:31:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.11.17 17:31:42 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.11.17 17:31:42 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.11.17 17:31:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.11.17 17:31:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.11.17 17:31:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.11.17 17:31:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.11.17 17:31:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.11.17 17:31:42 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.11.17 17:31:41 | 000,552,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.11.17 17:31:41 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.11.17 17:31:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.11.17 17:31:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.11.17 17:31:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.11.17 17:31:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.11.17 17:31:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.11.17 17:31:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.11.17 17:31:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.11.17 17:31:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.11.17 17:31:40 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.11.17 17:31:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll
MOD - [2009.11.17 17:31:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.17 17:31:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.11.17 17:31:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.11.17 17:31:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.11.17 17:31:40 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.11.17 16:40:25 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009.08.18 05:49:44 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2008.08.26 12:41:42 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.12.21 05:06:58 | 002,969,600 | ---- | M] () -- C:\Programme\Common Files\Sony Shared\AVLib\SonicStage Effect Plugins\Sony Limiter Plugin.dll
MOD - [2007.08.28 10:01:18 | 000,102,400 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2007.08.28 10:01:16 | 000,573,440 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\Alerts.dll
MOD - [2007.08.28 10:00:48 | 000,434,176 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2007.08.28 10:00:42 | 000,069,632 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2007.08.28 10:00:40 | 000,040,960 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2007.08.28 10:00:40 | 000,032,768 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NamedPipeChannel.dll
MOD - [2007.08.28 10:00:36 | 000,122,880 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2007.08.28 10:00:34 | 000,016,384 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2007.08.28 10:00:32 | 000,069,632 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPTools.dll
MOD - [2007.08.28 09:59:54 | 000,069,632 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007.05.08 16:44:58 | 000,114,688 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPToolkit.dll
MOD - [2007.05.08 16:44:58 | 000,057,344 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007.05.08 16:44:58 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\hppusg.exe
MOD - [2007.05.08 16:44:58 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\Enumeration.dll
MOD - [2007.05.08 16:44:44 | 000,065,536 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPTools.dll
MOD - [2007.05.08 16:44:40 | 000,016,384 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPStreamsInterface.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2012.07.17 20:30:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.10 00:29:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.10 00:29:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.30 21:51:13 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.11.21 16:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 16:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 15:05:22 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.11.17 19:12:56 | 000,133,664 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2009.09.24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009.08.26 09:45:23 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.04 09:58:32 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.07.27 17:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.07.27 17:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.07.27 17:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.07.27 17:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.07.27 17:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.07.23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.07.23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.07.23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.07.22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.06 11:50:48 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.11 14:54:08 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2009.04.23 15:10:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.08.01 14:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.10 00:29:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 00:29:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.26 09:45:53 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.30 14:55:35 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.05.28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2008.11.25 00:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.10.23 02:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 02:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.09.30 02:04:57 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008.01.25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.16 17:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.28 14:10:18 | 000,050,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpusbxp.sys -- (umpusbxp)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYS_de
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYS_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{B8C7A1C1-F7DA-4E26-B217-07C9D115A010}: "URL" = hxxp://www.bing.com/search?FORM=ASHTDF&PC=ASHTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=ASHTDF&PC=ASHTDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/|hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0dd39226-2650-404d-a43d-ffd906b35a9e}:0.2.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {5D558C43-550F-4b12-84AB-0D8ABDA9F975}:1.2.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.7
FF - prefs.js..extensions.enabledItems: snaplinks@snaplinks.mozdev.org:1.0.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MacSepp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.11 22:39:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.15 23:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.04 18:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.13 20:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.17 20:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.04 18:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.16 18:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.04 18:47:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.11 22:39:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.17 20:30:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.04 18:47:12 | 000,000,000 | ---D | M]
 
[2009.12.14 20:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Extensions
[2009.12.14 20:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.24 15:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions
[2011.02.13 21:10:22 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.04.27 15:31:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.01 09:28:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.02.13 21:10:23 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.03.19 00:40:18 | 000,000,000 | ---D | M] (ViewInFirefox) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}
[2010.01.06 23:29:22 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2009.11.17 16:49:26 | 000,000,000 | ---D | M] ("OpenBook") -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2010.05.11 19:26:23 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\cfxe@Triton
[2010.03.04 21:13:02 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\chromifox@altmusictv.com
[2012.02.17 03:36:35 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\clickclean@hotcleaner.com
[2011.04.21 00:51:36 | 000,000,000 | ---D | M] (Ovi Maps 3D browser plugin) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\maps@ovi.com
[2011.03.23 22:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\nostmp
[2010.11.12 00:09:12 | 000,000,000 | ---D | M] (qtl) -- C:\Users\MacSepp\AppData\Roaming\mozilla\Firefox\Profiles\wwa16h71.default\extensions\qtl.co.il@gmail.com
[2009.12.15 20:17:07 | 000,002,186 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\bing.xml
[2012.08.24 16:06:59 | 000,002,521 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\duden---in-allen-bereichen.xml
[2010.08.01 00:59:40 | 000,005,389 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\duden-suche.xml
[2012.08.24 16:06:59 | 000,002,189 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\facebook.xml
[2012.08.24 16:07:00 | 000,002,171 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\flickr.xml
[2011.08.17 18:27:53 | 000,010,525 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\gmx-suche.xml
[2010.04.22 00:54:04 | 000,003,171 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\kinoto.xml
[2012.08.24 16:06:59 | 000,001,961 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\leo-de-en.xml
[2012.03.02 01:05:10 | 000,001,937 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\myspace.xml
[2009.10.27 12:40:54 | 000,002,108 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\qtl.xml
[2010.11.07 21:55:49 | 000,005,509 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\soundcloud.xml
[2010.02.01 20:17:43 | 000,001,334 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\wiktionary-de.xml
[2010.02.25 21:39:36 | 000,002,028 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\xing---powering-relationships.xml
[2010.02.03 22:29:15 | 000,001,713 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\youtube-videosuche.xml
[2012.08.24 16:06:59 | 000,002,385 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\searchplugins\youtube.xml
[2012.03.13 21:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.13 20:33:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.20 21:59:24 | 000,022,405 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{12C86D9F-4404-481A-9353-7D1015DDEAC4}.XPI
[2011.07.18 18:47:45 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012.04.24 20:55:04 | 000,081,104 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
[2012.08.24 15:55:38 | 000,527,187 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.30 02:06:17 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.21 21:36:04 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.03.29 22:26:11 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.03.23 22:55:36 | 000,027,225 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\CLEARCACHE@MICHEL.DE.ALMEIDA.XPI
[2011.08.16 19:12:07 | 000,019,278 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\MAIL@SINDRE.AT.XPI
[2011.03.23 22:55:37 | 000,006,496 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\NADIR.KADEM@GMAIL.COM.XPI
[2011.08.19 12:42:10 | 000,006,074 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\PRINTPRINTPREVIEW-ANDREWSFIREFOXEXTENSIONS@GMAIL.COM.XPI
[2011.12.22 14:44:05 | 000,104,521 | ---- | M] () (No name found) -- C:\USERS\MACSEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWA16H71.DEFAULT\EXTENSIONS\SNAPLINKS@SNAPLINKS.MOZDEV.ORG.XPI
[2012.07.17 20:30:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.01 02:18:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.06.04 18:46:42 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.03.23 22:47:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.23 22:47:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.23 22:47:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.23 22:47:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 22:47:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.23 22:47:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.27 01:20:37 | 000,358,536 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 12309 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPPQVideo] "C:\Programme\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [Facebook Update] C:\Users\MacSepp\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [MsgCenterExe] C:\Program Files\Real\RealPlayer\update\RealOneMessageCenter.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [Xmlkb] C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Programme\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Programme\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108819
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Link Target in Firefox - C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: View This Page in Firefox - C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352AB00-63A5-48CF-A158-AE6EC085ACB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.25 00:23:39 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\MacSepp\Desktop\OTL.exe
[2012.08.24 16:31:28 | 000,000,000 | ---D | C] -- C:\Users\MacSepp\AppData\Roaming\Malwarebytes
[2012.08.24 16:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.24 16:31:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.24 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.24 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.25 00:23:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\MacSepp\Desktop\OTL.exe
[2012.08.24 23:59:46 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 23:59:46 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 23:56:16 | 000,618,227 | ---- | M] () -- C:\Users\MacSepp\Desktop\adwcleaner.exe
[2012.08.24 23:53:18 | 000,001,549 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
[2012.08.24 23:51:57 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.24 23:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.24 23:50:44 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.24 23:50:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.24 21:39:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000UA.job
[2012.08.24 21:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000Core.job
[2012.08.24 16:31:19 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.29 15:48:05 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 15:48:05 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 15:48:05 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 15:48:05 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 14:50:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
 
========== Files Created - No Company Name ==========
 
[2012.08.24 23:56:08 | 000,618,227 | ---- | C] () -- C:\Users\MacSepp\Desktop\adwcleaner.exe
[2012.08.24 16:31:19 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.24 15:34:39 | 000,013,312 | ---- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\80000000.@
[2012.08.01 18:42:09 | 000,001,712 | ---- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\00000001.@
[2012.01.10 21:34:15 | 000,002,048 | -HS- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\@
[2011.09.05 15:34:30 | 000,000,905 | ---- | C] () -- C:\Users\MacSepp\.recently-used.xbel
[2011.07.04 20:49:38 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011.04.12 21:35:20 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.03.13 16:04:15 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.05 19:51:32 | 000,013,824 | ---- | C] () -- C:\Users\MacSepp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.04 21:49:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.17 17:18:14 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.06 23:45:27 | 000,000,000 | ---- | C] () -- C:\Users\MacSepp\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2009.11.27 01:03:24 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Ashampoo
[2011.02.14 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\CheckPoint
[2012.04.02 01:23:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2010.05.27 23:08:39 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GARMIN
[2010.06.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GeoSetter
[2011.02.17 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GHISLER
[2010.02.14 00:43:17 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GMX
[2012.02.22 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GRASS6
[2011.06.29 23:00:22 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\gtk-2.0
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\InterVideo
[2011.02.15 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\IrfanView
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Leadertech
[2012.03.01 01:55:20 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\modwmi
[2011.12.23 23:10:53 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia
[2011.05.17 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia Ovi Suite
[2011.11.07 00:40:11 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia Suite
[2009.11.27 00:06:08 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Panasonic
[2011.02.28 22:32:30 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\PC Suite
[2009.11.27 01:24:13 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\ProtectDisc
[2009.12.14 20:11:58 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Thunderbird
[2010.02.27 03:02:16 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\TuneUp Software
[2012.08.24 21:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000Core.job
[2012.08.24 21:39:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000UA.job
[2012.05.17 23:23:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.02 01:22:09 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Adobe
[2010.11.17 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Apple Computer
[2010.05.01 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\ArcSoft
[2009.11.27 01:03:24 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Ashampoo
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\ATI
[2011.10.13 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Avira
[2011.02.14 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\CheckPoint
[2012.04.02 01:23:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.04.12 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Corel
[2010.07.07 00:08:46 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\DivX
[2010.05.27 23:08:39 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GARMIN
[2010.06.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GeoSetter
[2011.02.17 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GHISLER
[2010.02.14 00:43:17 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GMX
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Google
[2012.02.22 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\GRASS6
[2011.06.29 23:00:22 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\gtk-2.0
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Hewlett-Packard
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\HP
[2012.06.04 18:38:08 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\HpUpdate
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Identities
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\InstallShield
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Intel
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\InterVideo
[2011.02.15 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\IrfanView
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Leadertech
[2010.11.14 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Logishrd
[2010.11.14 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Logitech
[2009.11.17 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Macromedia
[2012.08.24 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Media Center Programs
[2011.09.14 18:25:54 | 000,000,000 | --SD | M] -- C:\Users\MacSepp\AppData\Roaming\Microsoft
[2012.03.01 01:55:20 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\modwmi
[2009.11.17 16:49:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Mozilla
[2011.12.23 23:10:53 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia
[2011.05.17 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia Ovi Suite
[2011.11.07 00:40:11 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Nokia Suite
[2009.11.27 00:06:08 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Panasonic
[2011.02.28 22:32:30 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\PC Suite
[2009.11.27 01:24:13 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\ProtectDisc
[2012.06.04 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Real
[2009.11.25 01:15:30 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Roxio
[2009.11.17 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Roxio Log Files
[2012.06.16 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Skype
[2011.07.13 22:15:52 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\skypePM
[2009.11.25 00:51:14 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Sony Corporation
[2009.11.17 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Talkback
[2009.12.14 20:11:58 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\Thunderbird
[2010.02.27 03:02:16 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2012.05.12 06:00:56 | 004,853,770 | ---- | M] (Phil Harvey) -- C:\Users\MacSepp\AppData\Roaming\GeoSetter\tools\exiftool.exe
[2012.04.02 01:22:04 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MacSepp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.04.02 01:22:02 | 014,852,504 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MacSepp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2009.11.17 17:37:45 | 000,010,134 | R--- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.11.14 17:33:33 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2009.11.17 17:28:44 | 000,010,134 | R--- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{51CBB909-7A5D-1B81-2F79-219231F0C7A6}\ARPPRODUCTICON.exe
[2011.12.23 20:29:11 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\ARPPRODUCTICON.exe
[2011.12.23 20:29:11 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
[2011.12.23 20:29:11 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
[2011.12.23 20:29:11 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
[2011.12.23 20:29:11 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
[2012.03.01 01:55:20 | 000,000,000 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe
[2004.08.18 13:39:30 | 000,036,864 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\IEMenu.exe
[2010.09.01 16:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2010.07.09 10:42:45 | 069,222,840 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2010.03.24 01:14:23 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
[2010.08.29 13:37:37 | 000,497,160 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100730.exe
[2011.02.16 21:24:56 | 000,514,216 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\RealPlayer\setup\AU_setup20101108.exe
[2011.11.01 23:26:23 | 000,574,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\RealPlayer\setup\AU_setup20110526.exe
[2010.01.26 15:05:33 | 000,402,952 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\RealPlayer\setup\AU_setup9.exe
[2010.03.15 18:25:01 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.12.06 20:06:19 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2012.05.21 18:37:12 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.21 21:37:43 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.21 21:37:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MacSepp\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_2d2ec4fd9937ddb4\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_950dad68cf8acc20\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.08.26 09:45:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011.04.06 16:47:04 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.06 16:47:04 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2009.11.25 01:26:24 | 000,001,302 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
[2012.07.11 18:51:19 | 000,000,174 | -HS- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2012.08.24 23:53:18 | 000,001,549 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
<          >

< End of report >
--- --- ---

MacSepp 25.08.2012 00:28
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.08.2012 00:27:11 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\MacSepp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,91% Memory free
5,93 Gb Paging File | 4,47 Gb Available in Paging File | 75,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,24 Gb Total Space | 71,11 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive D: | 170,62 Gb Total Space | 138,54 Gb Free Space | 81,20% Space Free | Partition Type: NTFS
 
Computer Name: GONDWANA2 | User Name: MacSepp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0819AA3B-BA6D-4D90-8F52-88B95D8302FD}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{0A34F1A6-6A61-41B3-90FC-2EA673B13778}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BDD0693-01D9-4BF4-95FA-241F9DC307DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{100EA185-27BA-4565-BF0A-26EAE9437612}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11F9D178-C0A6-42C7-AC3B-BB80E057EDEB}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{173876CF-EDEA-4E64-B44E-E2AC3A91137A}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{1F1CC733-A6F1-40AC-86E4-17D9CFD33473}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{20791A4E-8C66-44CA-A767-A3AF1FF7C1B4}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{2E38C7B0-40EF-49C5-86E3-2FC8E2089DBD}" = dir=in | app=c:\programme\hp\digital imaging\bin\hpqpse.exe |
"{3573D855-5C32-4338-87B3-461DB5D02FE5}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{371F509E-821A-447A-851D-B475D644F292}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{37C54180-FDA4-4AF2-9247-426F3F96787B}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{3FC1AADC-7F06-44EC-B5C6-D0A5A1A0C43B}" = dir=in | app=c:\programme\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{46B2E70D-FDCB-4304-94DE-78BF22CBA2CD}" = dir=in | app=c:\programme\hp\digital imaging\bin\hpqpsapp.exe |
"{4D50FA50-7983-4BEE-A1E3-1ADD56AEBF74}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{50A920F9-7593-40A2-8580-8E91C94F683E}" = dir=in | app=c:\programme\hp\digital imaging\bin\hpqsudi.exe |
"{5227C8E8-8BA3-4DED-82F9-E850298A7468}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{52F397C5-C32A-4A76-ACDB-D4178105EE7B}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{553CA5A8-E1DB-48EB-933D-091A584F2E25}" = dir=in | app=c:\users\macsepp\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{58F90055-286B-4FA8-8C0D-9E93667BF626}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{653C2CF8-084E-4E15-9434-F9429EDE93AE}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{68493AA2-35D0-46E1-8477-F659486513F8}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{6F90ECEF-4958-4B1F-B0EF-EB8DCB9B3719}" = dir=in | app=c:\programme\hp\digital imaging\bin\hpqusgh.exe |
"{7C0D0B69-418A-4D92-AE80-748A6E810B3C}" = dir=in | app=c:\programme\hp\digital imaging\bin\hpqusgm.exe |
"{7C923B19-15DF-49D3-9D0B-D910F6568996}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{839EA8F9-73DB-48FA-ACB5-DE669E471074}" = dir=in | app=c:\programme\hp\hp software update\hpwucli.exe |
"{84264338-343E-4B2F-9E64-6C3B2C56318A}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{84D0727E-0634-4F2E-9B3C-6B29E982EB3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{858A7AE0-8D5E-471D-81D9-7716828E507B}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{8AE7B24B-10C5-4057-BF33-67143B78A992}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{997B6FEE-2FC8-4DA1-82D3-53D2945D3978}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A73DF42-C6C3-4614-A063-FCEBBBD385A3}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{9BE8EE39-3B07-400A-A04B-A96D22430496}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{9FB47C47-A630-46CD-81E2-7065F3354F82}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{A566EFCB-A3B7-4EB1-859B-82D3977804D4}" = protocol=17 | dir=in | app=c:\program files\dm\dm fotowelt\dm fotowelt.exe |
"{AA577D35-ADE4-49E5-A602-06F327DF04EA}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{ADC9156E-7B41-4722-A482-EE3236AD2CD2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3625A76-6909-4324-863A-C0F381EE1BE6}" = protocol=6 | dir=in | app=c:\program files\dm\dm fotowelt\dm fotowelt.exe |
"{CC83DC54-7710-4CF0-B1D7-0C4EF016D145}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{CDCFF050-BBE3-4FE5-9B91-29FDD21C8A9C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{CEA172AB-BB7E-4272-8CED-6DF5FADC91E5}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{DAC230B0-B359-4D91-AA51-D11AB7DA0CE1}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{DDF0C431-83BD-471C-9DE4-D070A0BF7E04}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{E9813D02-B40C-4C36-AA1F-D6938C5029BD}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{ECFF119F-F7FF-4686-9CDA-EE9F5C8C7C06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5DC8086-C46D-4E83-BF72-075F62795F98}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{FB6F4D92-FF39-43F8-B24C-57EEB91A4FA5}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{FC17C816-2D9F-4B59-86E2-886FB3C9A09D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDD7BEB3-B4F8-4631-A67D-3B988030C6E2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{3AD1F4AF-FED0-4BCC-BE87-78B4DB4AA59C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{5C4183E3-0BB4-48AA-AB4D-E91C7B75909D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ADE12E82-9184-41A1-ADE0-4EF7D22B0531}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{B92DEB02-6647-4AE3-A160-A2DDD1CFE1EB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DBB67A98-4CC6-472F-8C81-921BE2BEDA62}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DD481355-0477-4F30-8993-8FACA90719D5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{E0B047F0-8950-47E5-B224-8C820B0EE09C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E96C0208-B292-4158-85AF-74DB3112BEC1}D:\prüll\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\prüll\diablo-iii-setup-dede.exe |
"TCP Query User{F6D5E516-2977-4478-9AF6-3332CD2ED0DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F82EC7BF-F237-415B-8768-807016A59360}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0A3250BF-CFDE-4047-A4DD-5B51AC8D1D2D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0E4DE218-6A30-4360-8313-2BEA05EC0438}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{328127D7-6DF7-4F60-BC95-6441050487D6}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{4861481A-331B-448E-8583-730D79DD29AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{504C017B-BF0F-4E69-86E8-4D4828054C96}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{72ED2D06-6E6C-4625-B741-4E0AB6B0951F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{88EABE54-9E54-46EC-AD43-637E31C6D021}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B6795A69-B1F0-4F48-BE1A-BEF3C896E331}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{C25991DE-A26A-4C1B-A513-05EACC5A748F}D:\prüll\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\prüll\diablo-iii-setup-dede.exe |
"UDP Query User{F41B1958-7951-4DDF-BEDA-EB8F9F284E9C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{183372B8-A3C2-063B-5C9E-B5C3E09F7158}" = CCC Help Norwegian
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library
"{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
"{1C5D5D15-CABD-4C5A-A80E-B5C4CA6FE90A}" = hppTLBXFXCP1510
"{1D2DF848-BA1C-6D29-8DC6-A8EBC85B2128}" = CCC Help Thai
"{1F07C5EC-A79E-9A66-7BE8-352E18A21CC9}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{1F8C6532-34B4-4425-BB1B-0D6B617E94D3}" = HP Basic Color Match
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2176C142-DEE5-8AF0-9257-CA2E65368A52}" = CCC Help Finnish
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2595949B-F42D-4FBE-989D-870116DBB4B2}" = Abbott USB Data Cable
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27EA389E-B0D3-E606-A801-C397BC417B00}" = Catalyst Control Center Graphics Previews Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{32DD0B80-68A4-2BAD-6D43-D2A6A7732AA2}" = CCC Help Hungarian
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{33F55462-96AF-0D67-AAF3-5ACBDE186FF7}" = CCC Help Dutch
"{359391F9-1A4D-A988-D62D-0F33C59AFDF6}" = CCC Help English
"{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components
"{36FBD8D7-CEFC-2BFD-9E50-CDEA040D5F47}" = CCC Help Swedish
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{391780BF-4092-402F-8276-E543008D409B}" = CoPilot Health Management System
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7C4990-D713-E889-63E7-214D35B55B18}" = Catalyst Control Center Graphics Previews Vista
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5FC19D-AE05-3F78-4336-90116C43400E}" = CCC Help French
"{4E64FCCA-AE91-609C-6646-3BA7B2542C17}" = CCC Help Russian
"{4F29AF49-2F30-4E33-416B-E373ACE30B03}" = Catalyst Control Center Core Implementation
"{51CBB909-7A5D-1B81-2F79-219231F0C7A6}" = Catalyst Control Center InstallProxy
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5CCB5E3A-8FA6-E1B8-082E-507493C836CD}" = Catalyst Control Center Localization All
"{5D9F5605-4B95-A700-B10E-FC5DBE052D18}" = CCC Help Italian
"{5E894531-91FB-4B76-AA0F-49E0E1F357D6}" = hppPQVideoCP1510
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{64FD4D83-085A-49D0-905A-F06057B73DA3}" = hppCLJCP1510
"{653C3AFC-E8BB-E745-DEE8-A9EA8ED5D432}" = CCC Help Greek
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{6CCAF3C8-8B77-3601-6E9C-E85E9444B0E6}" = CCC Help Chinese Traditional
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{7C8744A5-DED2-028E-C0B7-42AAA764E806}" = CCC Help Korean
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CF4115F-8947-2E35-718E-9AE7907FDD34}" = Catalyst Control Center Graphics Full New
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889D48DA-457F-4C8B-9095-6458F2793B12}" = Nokia Software Updater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1CF7D7-9D45-6FB7-8B8A-72E804B74ACD}" = CCC Help Danish
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{96AE9B73-23A5-3781-07EE-D873CDF1935A}" = CCC Help Polish
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{97F52122-E41C-C805-3981-E8686E073978}" = CCC Help Chinese Standard
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99804FF5-11AC-4FC9-B66B-72E9A6B386BC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A82C622C-22E2-409E-7113-EB749DEBC9F7}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA66EAEF-E6F9-BB8A-1463-72BE38F70856}" = CCC Help Japanese
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF0D6B2-1087-3D96-624F-B83A5EBD175D}" = Catalyst Control Center Graphics Full Existing
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.6
"{B932A416-28A7-4D08-89A6-7A0464DAD37D}" = hpzTLBXFX
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C59587F6-A0BC-40A7-AFE9-E7E368FDB742}" = HP Print View Software
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D2004393-13BB-E18E-B1BF-19D758AFCD8D}" = CCC Help Spanish
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DD21CAA4-C666-656A-0717-064BFCB850A9}" = ccc-utility
"{DDAF9A24-31F2-998B-79F3-F02580284D50}" = CCC Help Turkish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9DC3DE6-B510-FF40-F696-CFA52F9916FE}" = CCC Help German
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5BDA06-0D68-4B4C-93FE-50BE94ADA6E9}" = hppManualsCP1510
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29F2FAC-3F7E-4302-689C-C6579A19B3FC}" = CCC Help Czech
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50D41C8-AC24-3FCD-D3AB-10C2D7CBDFB8}" = Catalyst Control Center Graphics Light
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"dt icon module" =
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Geo" = Lexikon der Geowissenschaften
"GeoSetter_is1" = GeoSetter 3.4.16
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Marketing Resources" = HP Print View Software
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{2595949B-F42D-4FBE-989D-870116DBB4B2}" = Abbott USB Data Cable
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"IrfanView" = IrfanView (remove only)
"Lexikon der Geographie" = Lexikon der Geographie
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.4 Wroclaw
"RealPlayer 15.0" = RealPlayer
"SP6" = Logitech SetPoint 6.15
"TuneUp Utilities" = TuneUp Utilities
"VAIO Help and Support" =
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.08.2012 09:33:59 | Computer Name = gondwana2 | Source = WinMgmt | ID = 10
Description =
 
Error - 24.08.2012 09:35:08 | Computer Name = gondwana2 | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 24.08.2012 10:00:42 | Computer Name = gondwana2 | Source = WinMgmt | ID = 10
Description =
 
Error - 24.08.2012 10:02:23 | Computer Name = gondwana2 | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 24.08.2012 11:03:03 | Computer Name = gondwana2 | Source = WinMgmt | ID = 10
Description =
 
Error - 24.08.2012 11:04:26 | Computer Name = gondwana2 | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 24.08.2012 16:31:45 | Computer Name = gondwana2 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.08.2012 16:33:06 | Computer Name = gondwana2 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows
 live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.08.2012 17:51:19 | Computer Name = gondwana2 | Source = WinMgmt | ID = 10
Description =
 
Error - 24.08.2012 17:52:43 | Computer Name = gondwana2 | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ OSession Events ]
Error - 06.01.2010 07:13:49 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.01.2010 07:46:56 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2010 15:40:40 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.03.2010 14:33:50 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1464
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.02.2011 13:49:29 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.02.2011 14:20:14 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.04.2011 09:11:44 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4080
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.08.2011 17:44:44 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7145
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 18:44:10 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3982
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2012 18:48:51 | Computer Name = gondwana2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1954
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.08.2012 09:45:14 | Computer Name = gondwana2 | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 24.08.2012 10:00:20 | Computer Name = gondwana2 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.08.2012 10:00:30 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.08.2012 10:02:18 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 24.08.2012 11:02:31 | Computer Name = gondwana2 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.08.2012 11:02:37 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.08.2012 11:04:20 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 24.08.2012 17:50:53 | Computer Name = gondwana2 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.08.2012 17:50:57 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.08.2012 17:52:41 | Computer Name = gondwana2 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
[ TuneUp Events ]
Error - 24.11.2010 16:17:52 | Computer Name = gondwana2 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
 
< End of report >
--- --- ---

t'john 25.08.2012 15:35
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYS_de
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SNYS_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\SearchScopes\{B8C7A1C1-F7DA-4E26-B217-07C9D115A010}: "URL" = http://www.bing.com/search?FORM=ASHTDF&PC=ASHTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=ASHTDF&PC=ASHTDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de/|http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
 
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000..\Run: [Xmlkb] C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Programme\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Programme\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108819
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2012.03.01 01:55:20 | 000,000,000 | ---D | M] -- C:\Users\MacSepp\AppData\Roaming\modwmi
[2012.03.01 01:55:20 | 000,000,000 | ---- | M] () -- C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe
 
[2012.08.24 15:34:39 | 000,013,312 | ---- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\80000000.@
[2012.08.01 18:42:09 | 000,001,712 | ---- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\00000001.@
[2012.01.10 21:34:15 | 000,002,048 | -HS- | C] () -- C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\@

[2010.01.04 21:49:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

:Files
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\
C:\Users\MacSepp\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\MacSepp\AppData\Local\Temp\*.exe
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

MacSepp 25.08.2012 16:19
Hier das Logfile:


All processes killed
========== OTL ==========
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Service nosGetPlusHelper stopped successfully!
Service nosGetPlusHelper deleted successfully!
File C:\Program Files\NOS\bin\getPlus_Helper_3004.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B8C7A1C1-F7DA-4E26-B217-07C9D115A010}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8C7A1C1-F7DA-4E26-B217-07C9D115A010}\ not found.
HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=ASHTDF&PC=ASHTDF&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.spiegel.de/|hxxp://www.facebook.com/" removed from browser.startup.homepage
Prefs.js: chromifox@altmusictv.com:3.6.5 removed from extensions.enabledItems
Prefs.js: cfxe@Triton:3.6.5 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Xmlkb deleted successfully.
C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk moved successfully.
C:\Programme\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe moved successfully.
C:\Users\MacSepp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk moved successfully.
C:\Programme\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3472092657-621045899-3219247329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\MacSepp\AppData\Roaming\modwmi folder moved successfully.
File C:\Users\MacSepp\AppData\Roaming\modwmi\kbtor.exe not found.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\80000000.@ moved successfully.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\00000001.@ moved successfully.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\@ moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U folder moved successfully.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\L folder moved successfully.
C:\Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725} folder moved successfully.
File\Folder C:\Users\MacSepp\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\MacSepp\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-11c6ee9d-n folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\MacSepp\Desktop\cmd.bat deleted successfully.
C:\Users\MacSepp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MacSepp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3789329294 bytes
->FireFox cache emptied: 112855682 bytes
->Flash cache emptied: 14961261 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1325154 bytes
RecycleBin emptied: 7500421403 bytes

Total Files Cleaned = 10.890,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08252012_171130

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 25.08.2012 19:14
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

MacSepp 26.08.2012 10:09
Moin,

der Rechner läuft soweit ganz gut. Mir fallen keine Unregelmäßigkeiten bzgl. Geschwindigkeit etc. auf. AVIRA hat sich seit dem Fix auch nicht mehr gemeldet. Ich lasse jetzt den Vollscan durchführen und melde mich später wieder mit den Ergebnissen.

Bis dahin nochmals Danke für die Hilfe

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MacSepp :: GONDWANA2 [Administrator]

26.08.2012 11:05:45
mbam-log-2012-08-26 (11-05-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436570
Laufzeit: 4 Stunde(n), 20 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




# AdwCleaner v1.801 - Logfile created 08/26/2012 at 15:47:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : MacSepp - GONDWANA2
# Boot Mode : Normal
# Running from : C:\Users\MacSepp\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\MacSepp\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1219 octets] - [24/08/2012 23:56:42]
AdwCleaner[R2].txt - [1150 octets] - [26/08/2012 15:47:05]

########## EOF - C:\AdwCleaner[R2].txt - [1278 octets] ##########

Merkwürdig finde ich, dass auf einmal AVIRA sich meldet:
In der Datei
'C:\_OTL\MovedFiles\...\34bb0aba-434896a3' wurde ein Virus oder unerwünschtes Programm 'JAVA\Dldr.Lamar.DN' gefunden.

Was soll ich machen?

t'john 27.08.2012 00:31
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

MacSepp 27.08.2012 18:59
So ich habe nun beide Schritte durchgeführt. Bleibt aber noch die Frage, wie ich nach dem Detail Scan fortfahren soll? Soll ich auf "Ausgewähltes in Quarantäne" (es wurden ja 2 suspekte Objekte gefunden: s.u.) oder auf "Weiter" klicken?



# AdwCleaner v1.801 - Logfile created 08/27/2012 at 17:34:28
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : MacSepp - GONDWANA2
# Boot Mode : Normal
# Running from : C:\Users\MacSepp\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\MacSepp\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\prefs.js

C:\Users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1219 octets] - [24/08/2012 23:56:42]
AdwCleaner[R2].txt - [1279 octets] - [26/08/2012 15:47:05]
AdwCleaner[S1].txt - [1320 octets] - [27/08/2012 17:34:28]

########## EOF - C:\AdwCleaner[S1].txt - [1448 octets] ##########







Emsisoft Anti-Malware - Version 6.6
Letztes Update: 27.08.2012 17:45:44

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 27.08.2012 17:46:59

C:\_OTL\MovedFiles\08252012_171130\C_Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\00000001.@ gefunden: Trojan.Crypt.EFC!E2
C:\_OTL\MovedFiles\08252012_171130\C_Users\MacSepp\AppData\Local\{f152da06-61e9-fc82-c61b-1378e3f16725}\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1

Gescannt 685392
Gefunden 2

Scan Ende: 27.08.2012 19:52:51
Scan Zeit: 2:05:52

Ich habe die 2 suspekten Objekte in Quarantäne geschoben. Wie ist denn das weitere Vorgehen mit diesen Dateien? Avira ploppt anscheinend immer dann auf, wenn ein neuer Scan die bereits in der Quarantäne eines anderen Programms befindlichen Dateien mitscannt.

t'john 28.08.2012 15:29
Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

MacSepp 28.08.2012 17:05
Combofix Logfile:
Code:
ComboFix 12-08-28.01 - MacSepp 28.08.2012  18:20:30.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3039.1897 [GMT 2:00]
ausgeführt von:: c:\users\MacSepp\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\Thumbs.db
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-28 bis 2012-08-28  ))))))))))))))))))))))))))))))
.
.
2012-08-28 16:33 . 2012-08-28 16:39        --------        d-----w-        c:\users\MacSepp\AppData\Local\temp
2012-08-27 15:43 . 2012-08-27 21:30        --------        d-----w-        c:\program files\Emsisoft Anti-Malware
2012-08-26 13:57 . 2012-08-01 22:51        7023536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{04898BDF-8FA6-421F-ABEC-4282BF6AB049}\mpengine.dll
2012-08-25 15:11 . 2012-08-25 15:11        --------        d-----w-        C:\_OTL
2012-08-24 14:31 . 2012-08-24 14:31        --------        d-----w-        c:\users\MacSepp\AppData\Roaming\Malwarebytes
2012-08-24 14:31 . 2012-08-24 14:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-24 14:31 . 2012-08-24 14:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-24 14:31 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 15:32 . 2012-03-29 21:20        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-27 15:32 . 2011-05-13 16:39        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-12 02:40 . 2012-07-11 16:35        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 16:33        1390080        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:33        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:33        805376        ----a-w-        c:\windows\system32\cdosys.dll
2012-06-04 16:46 . 2003-03-18 18:14        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2012-06-04 16:46 . 2003-02-21 01:42        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2012-06-02 22:19 . 2012-06-23 17:55        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 17:55        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 17:54        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 17:54        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 17:55        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 17:55        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 17:54        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 17:54        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 17:54        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 16:42        1800192        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 16:42        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 16:42        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 16:42        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 16:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 16:33        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 16:33        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 16:33        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 16:33        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:33        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-03 17:50        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-07-17 18:30 . 2011-03-23 20:47        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\MacSepp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-21 7596576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-21 1833504]
"HPUsageTracking"="c:\programme\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864]
"ToolBoxFX"="c:\programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-07-15 1101824]
"hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-24 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29        64592        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-08-04 07:58        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"GMX SMS-Manager"=c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Facebook Update"="c:\users\MacSepp\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"MsgCenterExe"="c:\program files\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"HP Software Update"=c:\programme\HP\HP Software Update\HPWuSchd2.exe
"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
vvdsvc        REG_MULTI_SZ          vvdsvc
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000Core.job
- c:\users\MacSepp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 19:34]
.
2012-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472092657-621045899-3219247329-1000UA.job
- c:\users\MacSepp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 19:34]
.
2012-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 23:35]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 21:19]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 21:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: View This Page in Firefox - file://c:\users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\MacSepp\AppData\Roaming\Mozilla\Firefox\Profiles\wwa16h71.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HPPQVideo - c:\programme\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Geo - c:\windows\IsUn0407.exe
AddRemove-Lexikon der Geographie - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(7404)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-28  18:50:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-28 16:50
.
Vor Suchlauf: 14 Verzeichnis(se), 86.968.344.576 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 86.290.337.792 Bytes frei
.
- - End Of File - - 4A9C75C93E2205502C0B9C4E00A358FB
--- --- ---







Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.65
AAVUpdateManager
Abbott USB Data Cable
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader X (10.1.3) - Deutsch
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft Software Suite
ArcSoft WebCam Companion 2
Ashampoo Burning Studio 2010
Ashampoo Music Studio 2009
ATI Catalyst Install Manager
Audiograbber 1.83 SE
Audiograbber Lame-MP3-Plugin
Avira Free Antivirus
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Compatibility Pack für 2007 Office System
CoPilot Health Management System
Corel WinDVD
CustomerResearchQFolder
CutePDF Writer 2.8
DeviceDiscovery
DeviceManagementQFolder
Diablo III
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
dm-Fotowelt
dm Fotowelt
Dolby Control Center
Einstellungen für VAIO-Inhaltsüberwachung
Emsisoft Anti-Malware
eReg
erLT
eSupportQFolder
Facebook Video Calling 1.2.0.159
Free M4a to MP3 Converter 6.2
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GeoSetter 3.4.16
GIMP 2.6.7
GMX ProfiFax
GMX SMS-Manager
Google Earth
Google Update Helper
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
HP Basic Color Match
HP Color LaserJet CP1510 Series 2.0
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 3.5
HP Print View Software
HP Product Assistant
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 9.0
HP Update
hppCLJCP1510
hppFonts
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
hppManualsCP1510
hppPQVideoCP1510
HPProductAssistant
hppTLBXFXCP1510
hppusgCP1510
HPSSupply
hpzTLBXFX
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Lexikon der Geographie
Lexikon der Geowissenschaften
Logitech SetPoint 6.15
Malwarebytes Anti-Malware Version 1.62.0.1300
MarketResearch
Me&My VAIO
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 de)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Nokia Suite
OGA Notifier 2.0.0048.0
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PC Connectivity Solution
Primo
Product_SF_Full_QFolder
Product_SF_Min_QFolder
Protect Disc License Helper 1.0.118
PSSWCORE
Quantum GIS Wroclaw 1.7.4 Wroclaw
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setting Utility Series
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements
SmartWebPrinting
Software Info for Me&My VAIO
SolutionCenter
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Plugins
Sony Home Network Library
Spelling Dictionaries Support For Adobe Reader 9
Steuer-Spar-Erklärung 2010
Steuer-Spar-Erklärung 2011
Steuer-Spar-Erklärung 2012
Topo Deutschland v2
TrayApp
TuneUp Utilities
TuneUp Utilities Language Pack (de-DE)
Unterstützung für VAIO-Präsentation
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components
VAIO Edit Components 6.6
VAIO Energie Verwaltung
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story 1.5 Upgrade
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Settings
VAIO Original Funktion Einstellungen
VAIO Smart Network
VAIO Update
VAIO Update Merge Module x86
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
VU5x86
WebReg
WIDCOMM Bluetooth Software
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin






Darf ich eigentlich zwischenzeitlich die bereitgestellten Windows- und Firefox-Updates installieren?

t'john 29.08.2012 01:11
ja, kannst du.


Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

MacSepp 29.08.2012 19:13
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ad0abade2a345b4988f4c0582b619063
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-29 06:06:54
# local_time=2012-08-29 08:06:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 27736955 27736955 0 0
# compatibility_mode=5893 16776573 100 94 0 97886660 0 0
# compatibility_mode=8192 67108863 100 0 139 139 0 0
# compatibility_mode=9217 16776894 25 4 48535563 48535563 0 0
# scanned=257016
# found=1
# cleaned=1
# scan_time=8145
C:\_OTL\MovedFiles\08252012_171130\C_Users\MacSepp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\34bb0aba-434896a5 Java/Exploit.CVE-2012-1723.AB trojan (deleted - quarantined) 00000000000000000000000000000000 C

t'john 29.08.2012 22:01
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

MacSepp 29.08.2012 22:33
Firefox 15.0 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java (1,7,0,6) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.

t'john 29.08.2012 23:16
Noch Probleme?

MacSepp 30.08.2012 05:50
Bislang nicht. Kann ich denn jetzt ganz normal wieder mit dem Rechner arbeiten? Kann eigentlich aus so was wie ein Drucker befallen sein. Frage daher, da ich diesen hin und wieder an einen anderen Rechner anschließe.

t'john 30.08.2012 18:56
Zitat:
Kann ich denn jetzt ganz normal wieder mit dem Rechner arbeiten?
ja

Zitat:
Kann eigentlich aus so was wie ein Drucker befallen sein. Frage daher, da ich diesen hin und wieder an einen anderen Rechner anschließe.
nein, keine Sorge.


Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

MacSepp 02.09.2012 13:37
Ganz herzlichen Dank für die Hilfe und den tollen Service!! Das ist echt klasse!

So, jetzt habe ich die letzten Arbeitsschritte abgearbeitet und die Lektüre überflogen und teilweise bereits umgesetzt. Insgesamt habe ich aber nun doch noch abschließend ein paar Fragen:

- Ist so ein Programm wie TuneUp überhaupt sinnvoll? Ein paar Funktionen, die es anbietet, besitzt Windows ja eh, hätte ich aber so nie gefunden bzw. so einfach angewendet.

- Sollte man zusätzlich zur Antivieren Software auch hin und wieder Anti-Malware laufen lassen?

- Beim Firefox Addon "NoScript" werden zusätzlich zur eigentlich aufgerufenen Internetseite noch andere Sachen geblockt. Sollte man diese dann auf seriösen Seiten auch erlauben? Die Namen sagen mir nichts.

- Bei einem der Arbeitsschritte/Scans sollte ich auch meine USB-Sticks anschließen. Nun habe ich hier auch eine mobile Festplatte, die ich aber zu dem Zeitpunkt noch nicht vor Ort hatte. Ich deponiere sie bewusst mit der Absicherung an einem anderen Ort. Sie ist mindest ein 3/4 Jahr nicht mehr am Rechner gewesen. Muss ich diese auch noch scannen? Wenn ja, womit?

- Ähnliche Frage betrifft mein Smartphone, dessen Daten ich von Zeit zu Zeit auf dem Rechner sichere.

Über Auskünfte zu meinen Fragen würde ich mich noch sehr freuen.

Beste Grüße
MacSepp

t'john 05.09.2012 13:23
- Mit TuneUp machst du das System kaputt. Oft sind Nebeneffekte solcher Software, dass Dienste in Windows wie die Firewall einfach nicht mehr funktionieren. Finger weg.

- Schadet nicht.

- Ja, auf serioesen Seiten kann man es erlauben. Vor allem muss man sich dessen bewusst sein, dass so ein Plugin laeuft wenn auf der Seite etwas nicht funktioniert.

- Bei Gelegenheit mit einem Virenscanner. Das reicht.

- Smartphone ist eine Welt fuer sich, mit einem anderen Betriebssystem. Da was zu empfehlen ist schwierig.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131