
Topic: system locked...?

  1. #51
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    Yes, but it isn't there; under C: there is only a shortcut/file folder from Combofix (22 MB), and when you click on it you end up in My Computer.

  2. #52
    Administrator Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.252

    Re: system locked...?

    Hello johnson1,

    then please do the following:

    Scan with SystemLook

    With this I check whether entries typical of this infection are still present. The tool changes nothing; it only gives me the information I need.

    Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if not already present).

    Download Mirror #1 - Download Mirror #2
    Users of 64-bit Windows versions use this version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to start the tool.
      Vista and Windows 7 users must right-click and run it as administrator.
    • Copy the contents of the following code box into the tool's text field:

      Code:
      :dir
      C:\Combofix /s
      :filefind
      combofix.txt
    • Now click the Look button to start the scan.
    • When the scan has finished, your editor will open with the results; post them here in the thread.
    • The results are saved on the desktop as SystemLook.txt.
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware removal | Forum rules
    Back up your data! | Training | No support via PM or e-mail! | Thanks

  3. #53
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    voila
    Code:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:17 on 20/08/2012 by johnson
    Administrator - Elevation successful
    
    ========== dir ==========
    
    C:\Combofix - Parameters: "/s"
    
    ---Files---
    023.dat	--a---- 55691 bytes	[13:06 20/06/2012]	[09:57 16/08/2012]
    023v.dat	--a---- 2181 bytes	[19:07 26/11/2010]	[19:07 26/11/2010]
    023w7.dat	--a---- 660 bytes	[17:55 12/02/2010]	[17:55 12/02/2010]
    ActiveDrv.vbs	--a---- 690 bytes	[18:12 10/02/2012]	[18:12 10/02/2012]
    AppDataFile.cfx	--a---- 200543 bytes	[06:43 16/08/2012]	[06:43 16/08/2012]
    AppDataFolder.cfx	--a---- 28781 bytes	[16:01 14/08/2012]	[16:01 14/08/2012]
    appinit.bad	--a---- 6760 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    asp.str	--a---- 602 bytes	[15:09 13/07/2009]	[15:09 13/07/2009]
    Assoc.cmd	--a---- 4144 bytes	[14:11 15/04/2010]	[14:11 15/04/2010]
    ATTRIB.3XE	-ra---- 18432 bytes	[09:57 16/08/2012]	[01:38 14/07/2009]
    Auto-RC.cmd	--a---- 5194 bytes	[20:38 19/07/2011]	[20:38 19/07/2011]
    av.cmd	--a---- 4638 bytes	[10:56 07/06/2012]	[10:56 07/06/2012]
    av.vbs	--a---- 2933 bytes	[15:02 15/12/2010]	[15:02 15/12/2010]
    AWF.cmd	--a---- 666 bytes	[15:16 26/06/2011]	[15:16 26/06/2011]
    badclsid	--a---- 2924559 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    BFE.dat	--a---- 40960 bytes	[09:27 03/01/2012]	[09:27 03/01/2012]
    Boot-Rk.cmd	--a---- 5277 bytes	[09:14 19/11/2011]	[09:14 19/11/2011]
    Boot.bat	--a---- 8400 bytes	[09:14 19/11/2011]	[09:14 19/11/2011]
    BootDrv.vbs	--a---- 875 bytes	[08:55 27/07/2010]	[08:55 27/07/2010]
    c.bat	--a---- 64148 bytes	[13:22 20/07/2012]	[13:22 20/07/2012]
    c.mrk	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    Catch-sub.cmd	--a---- 1080 bytes	[08:45 21/10/2010]	[08:45 21/10/2010]
    catchme.3XE	-ra---- 147456 bytes	[09:37 17/04/2009]	[09:37 17/04/2009]
    CCS.bat	--a---- 94 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    CF-Script.cmd	--a---- 31149 bytes	[19:29 03/06/2012]	[19:29 03/06/2012]
    CF16372.3XE	-ra---- 345088 bytes	[09:57 16/08/2012]	[03:23 21/11/2010]
    CHCP.bat	--a---- 19 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    clsid.c	--a---- 270555 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    clsid.dat	--a---- 720837 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    clsid.hiv	--a---- 5816320 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    Combo-Fix.sys	--a---- 1024 bytes	[15:16 19/08/2010]	[15:16 19/08/2010]
    Combobatch.bat	--a---- 8216 bytes	[11:38 30/10/2011]	[11:38 30/10/2011]
    ComboFix-Download.3XE	-ra---- 236032 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    Create.cmd	--a---- 19312 bytes	[13:19 12/07/2011]	[13:19 12/07/2011]
    Creg.dat	--a---- 604260 bytes	[06:42 16/08/2012]	[06:42 16/08/2012]
    CregC.cmd	--a---- 4564 bytes	[17:03 01/09/2011]	[17:03 01/09/2011]
    CregC.dat	--a---- 472 bytes	[09:21 17/04/2010]	[09:21 17/04/2010]
    CregC_.dat	--a---- 829 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    CSCRIPT.3XE	-ra---- 156160 bytes	[09:57 16/08/2012]	[01:39 14/07/2009]
    d-delA.dat	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    dd.3XE	-ra---- 101376 bytes	[09:52 06/06/2011]	[09:52 06/06/2011]
    ddsDo.sed	--a---- 7983 bytes	[01:59 25/05/2009]	[01:59 25/05/2009]
    DelClsid.bat	--a---- 1948 bytes	[11:25 07/05/2011]	[11:25 07/05/2011]
    DelClsid64.bat	--a---- 1957 bytes	[11:25 07/05/2011]	[11:25 07/05/2011]
    desktop.ini	--a---- 113 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    DesktopFile.cfx	--a---- 18772 bytes	[19:38 14/08/2012]	[19:38 14/08/2012]
    DisclaimED.dat	--a---- 6 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    DPF.str	--a---- 746 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    DrvRun.vbs	--a---- 650 bytes	[18:44 18/04/2010]	[18:44 18/04/2010]
    dumphive.3XE	-ra---- 51200 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    embedded.sed	--a---- 303 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    ERDNT.e_e	--a---- 163328 bytes	[12:02 20/10/2005]	[12:02 20/10/2005]
    ERDNTDOS.LOC	--a---- 2815 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    ERDNTWIN.LOC	--a---- 3275 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    ERUNT.3XE	-ra---- 394752 bytes	[12:00 20/10/2005]	[12:00 20/10/2005]
    erunt.dat	--a---- 10 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    ERUNT.LOC	--a---- 4090 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    Exe.reg	--a---- 17664 bytes	[10:05 11/06/2012]	[10:05 11/06/2012]
    extract.3XE	-ra---- 52736 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    FavoriteFolder.cfx	--a---- 20 bytes	[08:52 05/09/2010]	[08:52 05/09/2010]
    FavoritesFile.cfx	--a---- 13018 bytes	[17:59 08/08/2012]	[17:59 08/08/2012]
    FD-SV.cmd	--a---- 11550 bytes	[03:58 25/07/2012]	[03:58 25/07/2012]
    ffdefstr.dll	--a---- 38901 bytes	[20:45 29/08/2010]	[20:45 29/08/2010]
    FileKill.3XE	-ra---- 145920 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    files.pif	--a---- 3247 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    Fin.dat	--a---- 677 bytes	[20:32 09/08/2010]	[20:32 09/08/2010]
    FIND3M.bat	--a---- 34271 bytes	[14:50 04/07/2012]	[14:50 04/07/2012]
    FIXLSP.bat	--a---- 5865 bytes	[16:32 26/10/2011]	[16:32 26/10/2011]
    FKMGen.cmd	--a---- 1115 bytes	[20:38 19/07/2011]	[20:38 19/07/2011]
    ForeignWht	--a---- 895 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    GetHive.cmd	--a---- 6090 bytes	[09:43 03/06/2011]	[09:43 03/06/2011]
    grep.3XE	-ra---- 80412 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    gsar.3XE	-ra---- 15360 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    handle.3XE	-ra---- 417136 bytes	[05:15 18/11/2008]	[05:15 18/11/2008]
    hidec.3XE	-ra---- 1536 bytes	[17:54 15/08/2005]	[17:54 15/08/2005]
    history.bat	--a---- 954 bytes	[09:25 20/10/2009]	[09:25 20/10/2009]
    hwid.pif	--a---- 74529 bytes	[16:44 14/07/2010]	[16:44 14/07/2010]
    iexplore.exe	--a---- 60416 bytes	[04:56 20/04/2009]	[04:56 20/04/2009]
    image001.gif	--a---- 1057 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    Imefile.dat	--a---- 224 bytes	[23:07 04/09/2010]	[23:07 04/09/2010]
    Install-RC.cmd	--a---- 8096 bytes	[09:30 14/07/2011]	[09:30 14/07/2011]
    johnson.user.cf	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    katch.cmd	--a---- 1374 bytes	[01:49 09/03/2011]	[01:49 09/03/2011]
    Kill-All.cmd	--a---- 1395 bytes	[09:29 14/07/2011]	[09:29 14/07/2011]
    kmd.dat	--a---- 13 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    KNetSvcs.vbs	--a---- 407 bytes	[20:06 20/05/2012]	[20:06 20/05/2012]
    Lang.bat	--a---- 254294 bytes	[00:55 25/06/2012]	[00:55 25/06/2012]
    List-B.bat	--a---- 29921 bytes	[02:47 16/08/2012]	[02:47 16/08/2012]
    List-C.bat	--a---- 273050 bytes	[16:32 07/08/2012]	[16:32 07/08/2012]
    List-D.bat	--a---- 121556 bytes	[09:26 11/07/2012]	[09:26 11/07/2012]
    List.bat	--a---- 2876093 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    lnkread.vbs	--a---- 3495 bytes	[22:59 08/10/2011]	[22:59 08/10/2011]
    LocalAppDataFile.cfx	--a---- 23588 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    LocalAppDataFolder.cfx	--a---- 6125 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    LocalService.dat	--a---- 225 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    LocalServiceNetworkRestricted.dat	--a---- 91 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    LocalSettingsFile.cfx	--a---- 3893 bytes	[16:24 29/05/2012]	[16:24 29/05/2012]
    LocalSystemNetworkRestricted.dat	--a---- 198 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    mbr.3XE	-ra---- 184320 bytes	[22:11 24/10/2009]	[22:11 24/10/2009]
    mbr.chk	--a---- 2141 bytes	[03:30 29/08/2010]	[03:30 29/08/2010]
    md5sum.pif	--a---- 6902 bytes	[06:44 16/08/2012]	[06:44 16/08/2012]
    MDWht.dat	--a---- 279004 bytes	[20:26 25/07/2012]	[20:26 25/07/2012]
    MoveIt.bat	--a---- 2862 bytes	[19:06 28/07/2011]	[19:06 28/07/2011]
    MpsSvc.dat	--a---- 8192 bytes	[04:48 11/02/2012]	[04:48 11/02/2012]
    mtee.3XE	-ra---- 11264 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    MUI	--a---- 14 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    MWindows.dat	--a---- 803 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    mynul.dat	--a---- 0 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    ncmd.com	--a---- 8543 bytes	[12:38 26/08/2011]	[12:38 26/08/2011]
    ndis_combofix.dat	--a---- 283 bytes	[08:12 24/12/2009]	[08:12 24/12/2009]
    ND_.bat	--a---- 66962 bytes	[09:33 24/07/2012]	[09:33 24/07/2012]
    ND_64.bat	--a---- 18370 bytes	[09:04 24/07/2012]	[09:04 24/07/2012]
    netsvc.bad.dat	--a---- 520 bytes	[10:21 14/04/2010]	[10:21 14/04/2010]
    netsvc.dat	--a---- 489 bytes	[00:00 31/08/2000]	[09:57 16/08/2012]
    NetworkService.dat	--a---- 88 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    NirCmd.3XE	-ra---- 60416 bytes	[04:56 20/04/2009]	[04:56 20/04/2009]
    NircmdB.exe	--a---- 60416 bytes	[09:57 16/08/2012]	[04:56 20/04/2009]
    NirCmdC.3XE	-ra---- 58880 bytes	[04:56 20/04/2009]	[04:56 20/04/2009]
    NIRKMD.3XE	-ra---- 60416 bytes	[04:56 20/04/2009]	[04:56 20/04/2009]
    NlsLanguageDefault	--a---- 6 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    NT-OS.cmd	--a---- 48807 bytes	[06:53 20/05/2012]	[06:53 20/05/2012]
    NULL	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    OSid.vbs	--a---- 977 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    pausep.3XE	-ra---- 180224 bytes	[05:01 29/09/2002]	[05:01 29/09/2002]
    PersonalFile.cfx	--a---- 10652 bytes	[16:05 14/08/2012]	[16:05 14/08/2012]
    PersonalFolder.cfx	--a---- 378 bytes	[11:18 01/08/2012]	[11:18 01/08/2012]
    pev.3XE	-ra---- 256000 bytes	[06:45 26/06/2011]	[06:45 26/06/2011]
    PEV.exe	--a---- 256000 bytes	[09:57 16/08/2012]	[06:45 26/06/2011]
    pevb.3XE	-ra---- 102400 bytes	[01:28 28/01/2011]	[01:28 28/01/2011]
    PING.3XE	-ra---- 16896 bytes	[09:57 16/08/2012]	[01:39 14/07/2009]
    Policies.dat	--a---- 2992 bytes	[19:51 05/07/2009]	[19:51 05/07/2009]
    powp.dat	--a---- 64 bytes	[08:57 13/05/2010]	[08:57 13/05/2010]
    Prep.inf	--a---- 2870 bytes	[19:04 23/08/2011]	[19:04 23/08/2011]
    ProfilesFile.cfx	--a---- 30159 bytes	[19:38 14/08/2012]	[19:38 14/08/2012]
    ProfilesFolder.cfx	--a---- 1619 bytes	[14:33 13/08/2012]	[14:33 13/08/2012]
    ProgramsFile.cfx	--a---- 10943 bytes	[19:38 14/08/2012]	[19:38 14/08/2012]
    ProgramsFolder.cfx	--a---- 17056 bytes	[02:48 16/08/2012]	[02:48 16/08/2012]
    Purity.dat	--a---- 404 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    PV.3XE	-ra---- 73728 bytes	[15:42 02/03/2006]	[21:42 02/03/2006]
    pv.com	--a---- 73728 bytes	[15:42 02/03/2006]	[15:42 02/03/2006]
    rar_sfx.cmd	--a---- 108 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    RCLink.dat	--a---- 7478 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    REGDACL.sed	--a---- 3558 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    RegDo.sed	--a---- 9203 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    region.dat	--a---- 1153 bytes	[20:03 16/09/2010]	[20:03 16/09/2010]
    RegScan.cmd	--a---- 55305 bytes	[16:54 26/06/2012]	[16:54 26/06/2012]
    RegScan64.cmd	--a---- 21319 bytes	[15:52 24/06/2012]	[15:52 24/06/2012]
    REGT.3XE	--a---- 398336 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    Resident.txt	--a---- 231 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    restore_pt.vbs	--a---- 587 bytes	[14:26 01/05/2009]	[14:26 01/05/2009]
    Rkey.cmd	--a---- 442 bytes	[21:35 14/11/2009]	[21:35 14/11/2009]
    rmbr.3XE	-ra---- 208896 bytes	[17:20 07/11/2010]	[17:20 07/11/2010]
    rogues.dat	--a---- 820 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    ROUTE.3XE	-ra---- 21504 bytes	[09:57 16/08/2012]	[01:39 14/07/2009]
    run2.sed	--a---- 287 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    Rust.str	--a---- 30 bytes	[03:38 10/06/2009]	[03:38 10/06/2009]
    s0rt.3XE	-ra---- 38400 bytes	[16:00 10/11/1999]	[16:00 10/11/1999]
    safeboot.dat	--a---- 329 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    safeboot.def.dat	--a---- 1867 bytes	[04:00 18/10/2009]	[09:57 16/08/2012]
    sed.3XE	-ra---- 98816 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    SetEnvmt.bat	--a---- 17392 bytes	[07:56 23/06/2012]	[07:56 23/06/2012]
    setpath.3XE	-ra---- 66172 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    setpath_N.cmd	--a---- 2494 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    SF.exe	--a---- 49152 bytes	[12:42 10/06/2006]	[12:42 10/06/2006]
    sfx.cmd	--a---- 14 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    ShAccess.dat	--a---- 376832 bytes	[16:10 23/05/2012]	[16:10 23/05/2012]
    SnapShot.cmd	--a---- 4634 bytes	[18:52 23/06/2011]	[18:52 23/06/2011]
    SRestore.cmd	--a---- 2147 bytes	[06:53 20/05/2012]	[06:53 20/05/2012]
    srizbi.md5	--a---- 357754 bytes	[06:40 16/08/2012]	[06:40 16/08/2012]
    StartMenuFile.cfx	--a---- 8304 bytes	[15:49 14/08/2012]	[15:49 14/08/2012]
    StartMenuFolder.cfx	--a---- 618 bytes	[16:51 05/06/2012]	[16:51 05/06/2012]
    StartUpFile.cfx	--a---- 28339 bytes	[19:38 14/08/2012]	[19:38 14/08/2012]
    Start_dat	--a---- 2 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    SuppScan.cmd	--a---- 20664 bytes	[09:17 19/11/2011]	[09:17 19/11/2011]
    SvcDrv.vbs	--a---- 2176 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    svchost.dat	--a---- 1306 bytes	[04:19 27/11/2010]	[04:19 27/11/2010]
    svc_wht.dat	--a---- 14828 bytes	[22:42 28/11/2009]	[09:57 16/08/2012]
    swreg.3XE	-ra---- 518144 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    swsc.3XE	-ra---- 406528 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    swxcacls.3XE	-ra---- 212480 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    system_ini.dat	--a---- 276 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    tail.3XE	-ra---- 35328 bytes	[00:00 10/11/1999]	[00:00 10/11/1999]
    TemplatesFile.cfx	--a---- 8138 bytes	[11:18 01/08/2012]	[11:18 01/08/2012]
    TemplatesFolder.cfx	--a---- 138 bytes	[10:36 27/03/2012]	[10:36 27/03/2012]
    toolbar.sed	--a---- 633 bytes	[05:26 30/10/2009]	[05:26 30/10/2009]
    Update-CF.cmd	--a---- 3987 bytes	[01:47 10/01/2012]	[01:47 10/01/2012]
    VBR.pif	--a---- 9098 bytes	[19:06 18/02/2012]	[19:06 18/02/2012]
    VerCF.bat	--a---- 587 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    VikPev00	--a---- 2287 bytes	[09:57 16/08/2012]	[11:48 30/07/2012]
    VInfo	--a---- 3819 bytes	[08:40 22/06/2011]	[08:40 22/06/2011]
    VInfo2	--a---- 20194 bytes	[14:29 13/08/2012]	[14:29 13/08/2012]
    VINFO3	--a---- 557 bytes	[08:40 22/06/2011]	[08:40 22/06/2011]
    Vipev.dat	--a---- 308 bytes	[15:30 10/05/2010]	[15:30 10/05/2010]
    Vista.krl	--a---- 4 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    vistaMcode.dat	--a---- 440 bytes	[19:17 26/07/2010]	[19:17 26/07/2010]
    vun.dat	--a---- 7584 bytes	[20:05 20/06/2010]	[20:05 20/06/2010]
    VwinTemp.dacl	--a---- 244 bytes	[09:05 31/07/2010]	[09:05 31/07/2010]
    W6432.dat	--a---- 2 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    W7.mac	--a---- 6 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    w7Mcode.dat	--a---- 440 bytes	[20:20 23/07/2010]	[20:20 23/07/2010]
    w7reg.dat	--a---- 22711 bytes	[10:19 20/05/2012]	[10:19 20/05/2012]
    Wmi_rem.vbs	--a---- 1127 bytes	[19:38 11/12/2010]	[19:38 11/12/2010]
    w_sock.dll	--a---- 98948 bytes	[06:45 21/06/2009]	[06:45 21/06/2009]
    xpmcode.dat	--a---- 440 bytes	[14:14 22/07/2010]	[14:14 22/07/2010]
    XPSBoot.reg	--a---- 13090 bytes	[10:41 02/02/2010]	[10:41 02/02/2010]
    zDomain.dat	--a---- 23773 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    zhsvc.dat	--a---- 75217 bytes	[06:42 16/08/2012]	[09:57 16/08/2012]
    zip.3XE	-ra---- 68096 bytes	[00:00 31/08/2000]	[00:00 31/08/2000]
    
    C:\Combofix\de-DE	d------	[09:57 16/08/2012]
    ATTRIB.3XE.mui	--a---- 2048 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    CF16372.3XE.mui	--a---- 147968 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    cmd.3XE.mui	--a---- 147968 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    CSCRIPT.3XE.mui	--a---- 12288 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    PING.3XE.mui	--a---- 10752 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    REGT.3XE.mui	--a---- 51712 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    ROUTE.3XE.mui	--a---- 13824 bytes	[09:57 16/08/2012]	[11:31 02/08/2011]
    
    C:\Combofix\en-US	d------	[09:57 16/08/2012]
    iexplore.exe	--a---- 1536 bytes	[09:57 16/08/2012]	[17:54 15/08/2005]
    
    C:\Combofix\N_	d------	[09:57 16/08/2012]
    10152	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    12374	--a---- 213 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    15621	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    1789	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    17960	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    22343	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    22665	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    25278	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    25503	--a---- 106 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    26866	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    27428	--a---- 46 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    29471	--a---- 132 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    30059	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    30092	--a---- 177 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    31086	--a---- 66 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    31817	--a---- 219 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    32463	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    32528	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    5745	--a---- 0 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    5868	--a---- 30 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    8917	--a---- 30 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    Path$	--a---- 120 bytes	[09:57 16/08/2012]	[09:57 16/08/2012]
    
    ========== filefind ==========
    
    Searching for "combofix.txt"
    No files found.
    
    -= EOF =-

  4. #54
    Administrator Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.252

    Re: system locked...?

    Hello johnson1,

    delete the existing Combofix.exe from the desktop and run Combofix again as follows:

    Removing malware with Combofix

    Download Combofix from BleepingComputer.com and save the program to the desktop, nowhere else; this is important!
    Follow the detailed original instructions.

    Combofix currently runs on the following Windows versions:
    • Windows XP (32-bit only)
    • Windows Vista (32-bit/64-bit)
    • Windows 7 (32-bit/64-bit)

    Preparation and important notes
    • Please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) during the Combofix scan.
    • List of programs to disable.
      If anything is unclear, please ask.

    • ComboFix will reset your screen saver settings.
    • You can change these settings again once our cleanup is finished.
    • Do nothing else if you have not managed to get Combofix to run.
    • Tell us and wait for our instructions.

    • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
    • Do nothing else on the computer while Combofix is running!
    • Accept the terms (disclaimer) with "Yes".

    • If Combofix offers a newer version, allow the download.
    • Click "Yes" to continue with the malware scan.
    • A blue command prompt appears; Combofix is being prepared for the scan.
    • Please do not click in this Combofix window.
    • That could make your system freeze or hang.
    • A backup of your registry is created.
    • The individual stages of the program are now worked through; this can take a while.

    • When ComboFix is finished, it will create a log (please wait, this takes a moment).
    • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
    • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

    • Note: For various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
    • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default again.

    Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!
    [°¿°] Ciao, Petra


  5. #55
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    voila
    Code:
    ComboFix 12-08-20.02 - johnson 21.08.2012  15:44:00.3.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6055.3863 [GMT 2:00]
    ausgeführt von:: c:\users\johnson\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
     ADS - Windows: deleted 192 bytes in 1 streams. 
    .
    (((((((((((((((((((((((   Dateien erstellt von 2012-07-21 bis 2012-08-21  ))))))))))))))))))))))))))))))
    .
    .
    2012-08-21 13:50 . 2012-08-21 13:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-08-21 13:50 . 2012-08-21 13:50	--------	d-----w-	c:\users\admin\AppData\Local\temp
    2012-08-21 11:13 . 2012-08-01 22:58	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A7B777B-31E7-477E-8640-4C50D319D12A}\mpengine.dll
    2012-08-17 17:12 . 2012-08-17 17:12	--------	d-----w-	c:\program files (x86)\Ask.com
    2012-08-16 10:19 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
    2012-08-16 10:08 . 2012-08-16 10:08	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
    2012-08-16 10:08 . 2012-08-16 10:08	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-16 10:08 . 2012-08-16 10:08	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-16 10:08 . 2012-08-16 10:08	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-08-16 10:08 . 2012-08-16 10:08	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-07-27 20:51 . 2012-07-27 20:51	184248	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 10:15 . 2011-08-23 08:56	62134624	----a-w-	c:\windows\system32\MRT.exe
    2012-08-15 12:34 . 2012-04-07 23:48	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 12:34 . 2011-08-25 11:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-30 12:36 . 2012-06-30 12:37	268720	----a-w-	c:\windows\system32\javaws.exe
    2012-06-30 12:36 . 2012-06-30 12:36	189360	----a-w-	c:\windows\system32\javaw.exe
    2012-06-30 12:36 . 2012-06-30 12:36	188840	----a-w-	c:\windows\system32\java.exe
    2012-06-30 12:36 . 2012-06-16 15:06	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
    2012-06-30 12:36 . 2011-08-02 01:49	839096	----a-w-	c:\windows\system32\deployJava1.dll
    2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
    2012-06-09 05:43 . 2012-07-11 09:09	14172672	----a-w-	c:\windows\system32\shell32.dll
    2012-06-06 18:59 . 2012-06-06 18:59	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-11 09:09	2004480	----a-w-	c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 09:09	1881600	----a-w-	c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 09:09	1133568	----a-w-	c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 09:09	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 09:09	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 09:09	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 09:34	38424	----a-w-	c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 09:35	2428952	----a-w-	c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 09:35	57880	----a-w-	c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 09:35	44056	----a-w-	c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 09:34	701976	----a-w-	c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 09:35	2622464	----a-w-	c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 09:34	99840	----a-w-	c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 09:34	186752	----a-w-	c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 09:34	36864	----a-w-	c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 09:09	458704	----a-w-	c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 09:09	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 09:09	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 09:09	340992	----a-w-	c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 09:09	307200	----a-w-	c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 09:09	22016	----a-w-	c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 09:09	225280	----a-w-	c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 09:09	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 09:09	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
    2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2012-07-30_11.56.05   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-15 06:53 . 2012-05-05 07:46	43008              c:\windows\SysWOW64\srclient.dll
    - 2009-07-13 23:23 . 2009-07-14 01:16	43008              c:\windows\SysWOW64\srclient.dll
    + 2012-08-15 06:53 . 2012-07-04 21:16	57344              c:\windows\SysWOW64\netapi32.dll
    + 2012-08-16 10:17 . 2012-06-29 00:01	73216              c:\windows\SysWOW64\mshtmled.dll
    - 2012-07-11 17:38 . 2012-06-02 08:17	73216              c:\windows\SysWOW64\mshtmled.dll
    + 2012-08-16 10:17 . 2012-06-29 00:06	66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-07-11 17:38 . 2012-06-02 08:22	66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-16 10:17 . 2012-06-29 00:06	65024              c:\windows\SysWOW64\jsproxy.dll
    - 2012-07-11 17:38 . 2012-06-02 08:21	65024              c:\windows\SysWOW64\jsproxy.dll
    + 2012-08-20 08:00 . 2012-08-20 08:00	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-07-29 22:42 . 2012-07-29 22:42	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-07-26 20:33	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-15 12:34	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-15 12:34	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-26 20:33	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-15 12:34	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-26 20:33	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-15 06:53 . 2012-07-04 21:14	41984              c:\windows\SysWOW64\browcli.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24	41984              c:\windows\SysWOW64\browcli.dll
    + 2010-11-21 03:09 . 2012-08-20 12:54	82596              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-20 12:54	39774              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-08-17 18:44 . 2012-08-20 12:54	17874              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-267714115-4148949142-3198035650-1000_UserData.bin
    + 2012-08-15 06:53 . 2012-07-04 22:16	73216              c:\windows\system32\netapi32.dll
    + 2012-08-16 10:17 . 2012-06-29 03:40	96768              c:\windows\system32\mshtmled.dll
    - 2012-07-11 17:38 . 2012-06-02 11:57	96768              c:\windows\system32\mshtmled.dll
    + 2012-08-16 10:17 . 2012-06-29 03:46	86528              c:\windows\system32\migration\WininetPlugin.dll
    - 2012-07-11 17:38 . 2012-06-02 12:03	86528              c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-16 10:17 . 2012-06-29 03:45	85504              c:\windows\system32\jsproxy.dll
    - 2012-07-11 17:38 . 2012-06-02 12:03	85504              c:\windows\system32\jsproxy.dll
    + 2009-07-14 05:30 . 2012-08-16 11:39	86016              c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2012-07-24 11:42	86016              c:\windows\system32\DriverStore\infpub.dat
    + 2011-08-18 09:04 . 2011-04-28 03:54	80384              c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
    + 2009-07-14 00:06 . 2009-07-14 00:06	41984              c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
    - 2011-08-02 01:46 . 2012-07-30 11:45	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-02 01:46 . 2012-08-21 12:07	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-02-18 12:13 . 2012-07-30 11:45	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-02-18 12:13 . 2012-08-21 12:07	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-21 12:07	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-30 11:45	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-15 06:53 . 2012-07-04 22:13	59392              c:\windows\system32\browcli.dll
    + 2012-08-15 06:53 . 2012-02-11 06:36	67072              c:\windows\splwow64.exe
    - 2010-11-21 03:24 . 2010-11-21 03:24	67072              c:\windows\splwow64.exe
    - 2009-07-14 04:46 . 2012-07-12 09:01	99040              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2012-08-19 09:56	99040              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-08-18 08:42 . 2012-07-11 17:42	35088              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	35088              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	18704              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	18704              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	20240              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	20240              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-08-26 15:12 . 2012-08-16 09:38	3378              c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-08-20 12:52 . 2012-08-20 12:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-30 08:55 . 2012-07-30 08:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-20 12:52 . 2012-08-20 12:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-30 08:55 . 2012-07-30 08:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-15 06:53 . 2012-02-11 05:43	492032              c:\windows\SysWOW64\win32spl.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24	492032              c:\windows\SysWOW64\win32spl.dll
    - 2012-07-11 17:38 . 2012-06-02 08:23	231936              c:\windows\SysWOW64\url.dll
    + 2012-08-16 10:17 . 2012-06-29 00:07	231936              c:\windows\SysWOW64\url.dll
    + 2012-08-15 12:34 . 2012-08-15 12:34	686792              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
    + 2012-08-15 11:34 . 2012-08-15 11:34	686792              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    + 2012-08-15 11:34 . 2012-08-15 11:34	466632              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
    + 2012-04-07 23:48 . 2012-08-15 12:34	250056              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-07 23:48 . 2012-07-26 20:33	250056              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-08-16 10:17 . 2012-06-29 00:04	717824              c:\windows\SysWOW64\jscript.dll
    + 2012-08-16 10:17 . 2012-06-29 00:04	142848              c:\windows\SysWOW64\ieUnatt.exe
    - 2012-07-11 17:38 . 2012-06-02 08:20	142848              c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-16 10:17 . 2012-06-28 23:57	176640              c:\windows\SysWOW64\ieui.dll
    - 2012-07-11 17:38 . 2012-06-02 08:14	176640              c:\windows\SysWOW64\ieui.dll
    + 2012-08-15 06:53 . 2012-02-11 06:43	751104              c:\windows\system32\win32spl.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24	751104              c:\windows\system32\win32spl.dll
    + 2011-08-23 12:39 . 2012-08-20 06:03	338158              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2011-08-28 11:18 . 2012-08-21 11:01	265418              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2012-07-11 17:38 . 2012-06-02 12:04	237056              c:\windows\system32\url.dll
    + 2012-08-16 10:17 . 2012-06-29 03:47	237056              c:\windows\system32\url.dll
    + 2012-08-15 06:53 . 2012-05-05 08:36	503808              c:\windows\system32\srcore.dll
    + 2012-08-15 06:53 . 2012-02-11 06:36	559104              c:\windows\system32\spoolsv.exe
    - 2010-11-21 03:24 . 2010-11-21 03:24	559104              c:\windows\system32\spoolsv.exe
    - 2009-07-14 02:36 . 2012-07-24 11:59	652812              c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-15 20:46	652812              c:\windows\system32\perfh009.dat
    + 2011-08-02 11:32 . 2012-08-15 20:46	697534              c:\windows\system32\perfh007.dat
    - 2011-08-02 11:32 . 2012-07-24 11:59	697534              c:\windows\system32\perfh007.dat
    + 2009-07-14 02:36 . 2012-08-15 20:46	121486              c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-24 11:59	121486              c:\windows\system32\perfc009.dat
    - 2011-08-02 11:32 . 2012-07-24 11:59	148540              c:\windows\system32\perfc007.dat
    + 2011-08-02 11:32 . 2012-08-15 20:46	148540              c:\windows\system32\perfc007.dat
    + 2012-08-15 12:34 . 2012-08-15 12:34	417992              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
    + 2012-08-15 11:33 . 2012-08-15 11:33	417992              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
    + 2012-08-15 11:33 . 2012-08-15 11:33	513224              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
    + 2012-08-15 06:53 . 2012-05-14 05:26	956928              c:\windows\system32\localspl.dll
    + 2012-08-16 10:17 . 2012-06-29 03:44	816640              c:\windows\system32\jscript.dll
    - 2012-07-11 17:38 . 2012-06-02 12:01	173056              c:\windows\system32\ieUnatt.exe
    + 2012-08-16 10:17 . 2012-06-29 03:43	173056              c:\windows\system32\ieUnatt.exe
    + 2012-08-16 10:17 . 2012-06-29 03:35	248320              c:\windows\system32\ieui.dll
    - 2012-07-11 17:38 . 2012-06-02 11:54	248320              c:\windows\system32\ieui.dll
    + 2009-07-14 05:30 . 2012-08-16 11:39	143360              c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-07-24 11:42	143360              c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-16 11:39	143360              c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-04-08 12:02	143360              c:\windows\system32\DriverStore\infstor.dat
    + 2010-11-21 03:23 . 2010-11-21 03:23	229376              c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
    + 2012-08-16 10:19 . 2012-07-06 20:07	552960              c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
    - 2009-07-14 05:31 . 2011-08-18 09:55	399360              c:\windows\system32\DriverStore\drvindex.dat
    + 2009-07-14 05:31 . 2012-08-16 11:39	399360              c:\windows\system32\DriverStore\drvindex.dat
    + 2012-08-15 06:53 . 2012-07-04 22:13	136704              c:\windows\system32\browser.dll
    + 2009-07-14 05:01 . 2012-08-20 08:00	516000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-18 13:46 . 2012-07-18 13:46	593408              c:\windows\Installer\6e113.msp
    - 2011-08-18 08:42 . 2012-07-11 17:42	888080              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	888080              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	272648              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	272648              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	922384              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	922384              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	845584              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	845584              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	217864              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
    + 2011-08-18 08:42 . 2012-08-16 10:19	217864              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
    + 2012-08-17 17:12 . 2012-08-17 17:12	102400              c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
    + 2012-01-03 07:37 . 2012-01-03 07:37	320456              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\adobearmhelper.exe
    + 2011-06-23 08:54 . 2011-06-23 08:54	119160              c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\MSCONV97.DLL
    - 2012-07-11 17:38 . 2012-06-02 08:25	1129472              c:\windows\SysWOW64\wininet.dll
    + 2012-08-16 10:17 . 2012-06-29 00:09	1129472              c:\windows\SysWOW64\wininet.dll
    - 2012-07-11 17:38 . 2012-06-02 08:26	1103872              c:\windows\SysWOW64\urlmon.dll
    + 2012-08-16 10:17 . 2012-06-29 00:09	1103872              c:\windows\SysWOW64\urlmon.dll
    + 2012-08-15 12:34 . 2012-08-15 12:34	9465032              c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    + 2012-08-15 12:34 . 2012-08-15 12:34	1536712              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    + 2012-08-16 10:17 . 2012-06-29 00:16	1800704              c:\windows\SysWOW64\jscript9.dll
    - 2012-07-11 17:38 . 2012-06-02 08:19	1793024              c:\windows\SysWOW64\iertutil.dll
    + 2012-08-16 10:17 . 2012-06-29 00:01	1793024              c:\windows\SysWOW64\iertutil.dll
    - 2012-07-11 17:38 . 2012-06-02 08:43	9737728              c:\windows\SysWOW64\ieframe.dll
    + 2012-08-16 10:17 . 2012-06-29 00:27	9737728              c:\windows\SysWOW64\ieframe.dll
    + 2012-08-16 10:17 . 2012-06-29 03:49	1392128              c:\windows\system32\wininet.dll
    - 2012-07-11 17:38 . 2012-06-02 12:05	1392128              c:\windows\system32\wininet.dll
    + 2012-08-15 06:53 . 2012-07-18 18:15	3148800              c:\windows\system32\win32k.sys
    - 2012-07-11 17:42 . 2012-06-12 03:08	3148800              c:\windows\system32\win32k.sys
    - 2012-07-11 17:38 . 2012-06-02 12:05	1346048              c:\windows\system32\urlmon.dll
    + 2012-08-16 10:17 . 2012-06-29 03:49	1346048              c:\windows\system32\urlmon.dll
    + 2012-08-16 10:17 . 2012-06-29 03:56	2312704              c:\windows\system32\jscript9.dll
    - 2012-07-11 17:38 . 2012-06-02 11:59	2144768              c:\windows\system32\iertutil.dll
    + 2012-08-16 10:17 . 2012-06-29 03:42	2144768              c:\windows\system32\iertutil.dll
    + 2009-07-14 04:45 . 2012-08-16 11:41	5014040              c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 04:45 . 2012-07-11 17:48	5014040              c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 04:45 . 2012-08-16 11:50	7294260              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-07-11 17:50	7294260              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-08-02 02:54 . 2012-08-20 08:00	3306168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-08-30 11:06 . 2012-08-17 15:04	4814600              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-267714115-4148949142-3198035650-1000-12288.dat
    + 2012-08-17 17:11 . 2012-08-17 17:12	3916800              c:\windows\Installer\747670.msi
    + 2012-06-26 16:03 . 2012-06-26 16:03	3875840              c:\windows\Installer\6e12f.msp
    + 2012-07-18 13:53 . 2012-07-18 13:53	5009920              c:\windows\Installer\6e0ed.msp
    + 2011-08-18 08:42 . 2012-08-16 10:19	1172240              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-08-18 08:42 . 2012-07-11 17:42	1172240              c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-08-16 10:17 . 2012-06-29 00:52	12317184              c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2012-07-11 17:46	10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-16 11:39	10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-08-16 10:17 . 2012-06-29 04:55	17809920              c:\windows\system32\mshtml.dll
    + 2012-08-15 12:34 . 2012-08-15 12:34	12315336              c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
    + 2012-08-16 10:17 . 2012-06-29 04:09	10925568              c:\windows\system32\ieframe.dll
    + 2011-08-17 19:10 . 2012-08-20 08:00	48334552              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-267714115-4148949142-3198035650-1000-8192.dat
    + 2012-07-25 14:59 . 2012-07-25 14:59	11032064              c:\windows\Installer\6e126.msp
    + 2012-07-18 13:53 . 2012-07-18 13:53	10937344              c:\windows\Installer\6e100.msp
    + 2012-07-28 01:50 . 2012-07-28 01:50	15765504              c:\windows\Installer\4f4ba7b.msp
    + 2011-08-03 18:53 . 2011-08-03 18:53	17324928              c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\MSO.DLL
    .
    -- Snapshot auf jetziges Datum zurückgesetzt --
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-20 11:18	1519824	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Facebook Update"="c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-06-24 75048]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/22 20:42;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
    R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2010-09-17 30352]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
    R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-28 31576]
    R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-28 53080]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 203776]
    S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
    S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2011-03-07 102400]
    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [2011-03-07 98816]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-24 2656280]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9319936]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 306688]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-01 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-04 76912]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-02-24 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-28 419160]
    S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-28 31576]
    S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-28 53080]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:34]
    .
    2012-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000Core.job
    - c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 22:16]
    .
    2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000UA.job
    - c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 22:16]
    .
    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 21:16]
    .
    2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://t-online.de/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\ehlcsin3.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b7ee380f-8e90-4e45-832a-d09ef629dd62&apn_ptnrs=%5EABT&apn_sauid=87C4FBFF-F17E-4EB3-BFF5-5265F5FFF092&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2012-08-21  15:52:52
    ComboFix-quarantined-files.txt  2012-08-21 13:52
    ComboFix2.txt  2012-08-16 09:36
    ComboFix3.txt  2012-07-30 11:57
    .
    Vor Suchlauf: 19 Verzeichnis(se), 229.002.530.816 Bytes frei
    Nach Suchlauf: 19 Verzeichnis(se), 229.412.982.784 Bytes frei
    .
    - - End Of File - - EE9459D0958E7AA838BAFFA5C28872E0

  6. #56
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    Interim report from the laptop: I get kicked off the Wi-Fi even more often than before... What is also strange: there are two available Wi-Fi networks in range, and sometimes a third one is shown, a Fritzbox with full reception (5 of 5 bars), but there is no Fritzbox nearby....? And even if there were one, it is strange that the "house Wi-Fi" only gets 3 bars ... Sometimes it is also not shown among the available networks at all, even though the router is on...

  7. #57
    Administrator Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.252

    Re: system locked...?

    Hello johnson1,

    in the following Combofix script I assume that Dropbox is no longer installed. If it is still installed after all, let me know before running the script.


    ===== Step 1 =====

    Run Combofix with a script

    • Remember to temporarily disable your antivirus program and the firewall while Combofix is running.
      Do not forget to turn them back on afterwards!
    • Important: Do not move the mouse over the ComboFix window or click inside it.
      This can cause ComboFix to hang.


    Procedure
    1. Open notepad (Start => Run => notepad (type it in) => OK) or an editor of your choice and copy everything from the following code box into an empty document:
      Code:
      Reg::
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
      [-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "ApnUpdater"=-
      [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{AD153D02-A121-4A79-B1CE-AF06A564505B}"=-
      "{D0347507-5C7D-4C71-9340-415BC564CF42}"=-
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\johnson\AppData\Local\Temp\1805071\5871416.exe"=-
      [HKEY_USERS\S-1-5-21-267714115-4148949142-3198035650-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\johnson\AppData\Local\Temp\1805071\5871416.exe"=-
      [HKEY_USERS\S-1-5-21-267714115-4148949142-3198035650-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\johnson\AppData\Local\Temp\1805071\5871416.exe"=-
      [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_5871416DRV]
      
      
      Driver::
      5871416drv
      R3 AthBTPort
      R3 BTATH_A2DP
      R3 btath_avdt
      R3 BTATH_BUS
      R3 BTATH_HCRP
      R3 BTATH_LWFLT
      R3 BTATH_RCP
      R3 BtFilter
      
      Firefox::
      FF - ProfilePath - c:\users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\ehlcsin3.default\
      FF - prefs.js: browser.search.selectedEngine - 
      FF - prefs.js: browser.startup.homepage - 
      FF - prefs.js: keyword.URL - 
      
      File::
      c:\windows\system32\DRIVERS\btath_flt.sys
      c:\windows\system32\drivers\btath_a2dp.sys
      c:\windows\system32\drivers\btath_avdt.sys
      c:\windows\system32\DRIVERS\btath_bus.sys
      c:\windows\system32\DRIVERS\btath_hcrp.sys
      c:\windows\system32\DRIVERS\btath_lwflt.sys
      c:\windows\system32\DRIVERS\btath_rcp.sys 
      c:\windows\system32\DRIVERS\btfilter.sys 
      
      Folder::
      c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      c:\program files (x86)\Ask.com
      c:\users\johnson\appdata\roaming\dropbox
      C:\Users\johnson\AppData\Local\Temp\1805071
      
      RegLock::
      [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    2. Save this as CFScript.txt on your desktop. Make sure that "All types" is selected as the file type.
    3. Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
    4. When ComboFix has finished, it will create a log, C:\ComboFix.txt.
      Be sure to wait until the ComboFix window has closed and the log file appears in the editor.
      Please paste it here as a reply.


    Note for other readers: The ComboFix script above was created exclusively for this user in this situation.
    Do not use it on other computers under any circumstances; it can permanently damage other systems!



    ===== Point 2 =====

    System scan with OTL

    Please create OTL log files again as a check: set all categories to "Use SafeList" and tick "Scan All Users" at the top, as shown in the following screenshot. Users with 64-bit systems also tick "Include 64Bit-Scan". Then I can see whether there are any further remnants to remove.



    Attach the two log files OTL.txt and Extras.txt by clicking Advanced below the text field and uploading the log files one at a time via Manage Attachments.

    Be sure to anonymize surnames and/or personal data where necessary.
    [°¿°] Ciao, Petra

  8. #58
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    Exactly the same thing happens: ComboFix restarts the PC, the log file is created, this time I save it right away, but after that no program or file works again, nothing can be opened, "an attempt was made ...something relating to a registry key... file has been marked for deletion, cannot be opened", that is roughly the wording. I can't take a screenshot, since I can't save it in any program..., after a restart everything works again...

    Code:
    ComboFix 12-08-22.01 - johnson 22.08.2012  14:36:13.4.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6055.4225 [GMT 2:00]
    ausgeführt von:: c:\users\johnson\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\johnson\Desktop\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\btath_a2dp.sys"
    "c:\windows\system32\drivers\btath_avdt.sys"
    "c:\windows\system32\DRIVERS\btath_bus.sys"
    "c:\windows\system32\DRIVERS\btath_flt.sys"
    "c:\windows\system32\DRIVERS\btath_hcrp.sys"
    "c:\windows\system32\DRIVERS\btath_lwflt.sys"
    "c:\windows\system32\DRIVERS\btath_rcp.sys"
    "c:\windows\system32\DRIVERS\btfilter.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Ask.com
    c:\program files (x86)\Ask.com\assets\oobe\b.png
    c:\program files (x86)\Ask.com\assets\oobe\bl.png
    c:\program files (x86)\Ask.com\assets\oobe\br.png
    c:\program files (x86)\Ask.com\assets\oobe\l.png
    c:\program files (x86)\Ask.com\assets\oobe\pointer.png
    c:\program files (x86)\Ask.com\assets\oobe\r.png
    c:\program files (x86)\Ask.com\assets\oobe\t.png
    c:\program files (x86)\Ask.com\assets\oobe\tl.png
    c:\program files (x86)\Ask.com\assets\oobe\tr.png
    c:\program files (x86)\Ask.com\AviraBrowserSecurity.exe
    c:\program files (x86)\Ask.com\cb_a305.ico
    c:\program files (x86)\Ask.com\cobrand.ico
    c:\program files (x86)\Ask.com\config.xml
    c:\program files (x86)\Ask.com\favicon.ico
    c:\program files (x86)\Ask.com\fv_9a3e.ico
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    c:\program files (x86)\Ask.com\mupcfg.xml
    c:\program files (x86)\Ask.com\precache.exe
    c:\program files (x86)\Ask.com\SaUpdate.exe
    c:\program files (x86)\Ask.com\Updater\config.xml
    c:\program files (x86)\Ask.com\Updater\Updater.exe
    c:\program files (x86)\Ask.com\UpdateTask.exe
    c:\users\johnson\appdata\roaming\dropbox
    c:\users\johnson\appdata\roaming\dropbox\bin\Dropbox.exe.log
    c:\users\johnson\appdata\roaming\dropbox\host.dbx
    c:\users\johnson\appdata\roaming\dropbox\installer\l\4f7f5fbd
    c:\users\johnson\appdata\roaming\dropbox\l\4f79756f
    c:\users\johnson\appdata\roaming\dropbox\l\4f7b3ae0
    c:\users\johnson\appdata\roaming\dropbox\l\4f7d842c
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79b747
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79b786
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79b81c
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79c19f
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79c894
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f79de32
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7a4d98
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7a5228
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7abb66
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7ac992
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7ac9c7
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7ad348
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7adbe5
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b0b9b
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b3ad4
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b3b3d
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b4622
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b7464
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b8141
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7b86fa
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c2952
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c2e9a
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c3769
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c38bb
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c6cb2
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c6f94
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c72cd
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c792a
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c7b1b
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c9afe
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c9bcf
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c9bf7
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7c9da1
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7ca7b2
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7cd967
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7ce608
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7d7384
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7d8419
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7d8766
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7da3c5
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7da874
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7da92b
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7db303
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7db507
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7dce1b
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7de8bc
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7df035
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7df85a
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7e0a1a
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7e18b5
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7e277d
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7eec10
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7eff5e
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f0596
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f345c
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f36aa
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f392f
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f3b9f
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f4ad3
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f4f92
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f535c
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f54f5
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f5933
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f5fd5
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\4f7f5fd7
    c:\users\johnson\appdata\roaming\dropbox\shellext\l\new_trace
    c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1031.MST
    c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_5871416DRV
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2012-07-22 bis 2012-08-22  ))))))))))))))))))))))))))))))
    .
    .
    2012-08-22 12:41 . 2012-08-22 12:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-08-22 12:41 . 2012-08-22 12:41	--------	d-----w-	c:\users\admin\AppData\Local\temp
    2012-08-21 11:13 . 2012-08-01 22:58	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A7B777B-31E7-477E-8640-4C50D319D12A}\mpengine.dll
    2012-08-16 10:19 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
    2012-08-16 10:08 . 2012-08-16 10:08	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
    2012-08-16 10:08 . 2012-08-16 10:08	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-16 10:08 . 2012-08-16 10:08	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-16 10:08 . 2012-08-16 10:08	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-08-16 10:08 . 2012-08-16 10:08	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-07-27 20:51 . 2012-07-27 20:51	184248	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 10:15 . 2011-08-23 08:56	62134624	----a-w-	c:\windows\system32\MRT.exe
    2012-08-15 12:34 . 2012-04-07 23:48	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 12:34 . 2011-08-25 11:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-30 12:36 . 2012-06-30 12:37	268720	----a-w-	c:\windows\system32\javaws.exe
    2012-06-30 12:36 . 2012-06-30 12:36	189360	----a-w-	c:\windows\system32\javaw.exe
    2012-06-30 12:36 . 2012-06-30 12:36	188840	----a-w-	c:\windows\system32\java.exe
    2012-06-30 12:36 . 2012-06-16 15:06	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
    2012-06-30 12:36 . 2011-08-02 01:49	839096	----a-w-	c:\windows\system32\deployJava1.dll
    2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
    2012-06-09 05:43 . 2012-07-11 09:09	14172672	----a-w-	c:\windows\system32\shell32.dll
    2012-06-06 18:59 . 2012-06-06 18:59	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-11 09:09	2004480	----a-w-	c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 09:09	1881600	----a-w-	c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 09:09	1133568	----a-w-	c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 09:09	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 09:09	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 09:09	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 09:34	38424	----a-w-	c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 09:35	2428952	----a-w-	c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 09:35	57880	----a-w-	c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 09:35	44056	----a-w-	c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 09:34	701976	----a-w-	c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 09:35	2622464	----a-w-	c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 09:34	99840	----a-w-	c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 09:34	186752	----a-w-	c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 09:34	36864	----a-w-	c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 09:09	458704	----a-w-	c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 09:09	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 09:09	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 09:09	340992	----a-w-	c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 09:09	307200	----a-w-	c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 09:09	22016	----a-w-	c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 09:09	225280	----a-w-	c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 09:09	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 09:09	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
    2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((((   SnapShot_2012-08-21_13.51.10   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-22 12:42 . 2012-08-22 12:42	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-08-20 08:00 . 2012-08-20 08:00	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2010-11-21 03:09 . 2012-08-22 10:41	82910              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-08-20 12:54	39774              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-22 10:41	39774              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-08-17 18:44 . 2012-08-22 10:41	17922              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-267714115-4148949142-3198035650-1000_UserData.bin
    + 2011-08-02 01:46 . 2012-08-22 13:03	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-02 01:46 . 2012-08-21 12:07	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-02-18 12:13 . 2012-08-21 12:07	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-02-18 12:13 . 2012-08-22 13:03	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-22 13:03	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-21 12:07	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-08-20 12:52 . 2012-08-20 12:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-22 12:43 . 2012-08-22 12:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-22 12:43 . 2012-08-22 12:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-20 12:52 . 2012-08-20 12:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-28 11:18 . 2012-08-21 22:39	265458              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2012-08-15 20:46	652812              c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-21 18:22	652812              c:\windows\system32\perfh009.dat
    - 2011-08-02 11:32 . 2012-08-15 20:46	697534              c:\windows\system32\perfh007.dat
    + 2011-08-02 11:32 . 2012-08-21 18:22	697534              c:\windows\system32\perfh007.dat
    + 2009-07-14 02:36 . 2012-08-21 18:22	121486              c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-08-15 20:46	121486              c:\windows\system32\perfc009.dat
    - 2011-08-02 11:32 . 2012-08-15 20:46	148540              c:\windows\system32\perfc007.dat
    + 2011-08-02 11:32 . 2012-08-21 18:22	148540              c:\windows\system32\perfc007.dat
    - 2009-07-14 05:01 . 2012-08-20 08:00	516000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-22 12:42	516000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-08-02 02:54 . 2012-08-22 12:42	3306168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-08-02 02:54 . 2012-08-20 08:00	3306168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-08-17 19:10 . 2012-08-22 12:42	48860376              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-267714115-4148949142-3198035650-1000-8192.dat
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Facebook Update"="c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-06-24 75048]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/22 20:42;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
    R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2010-09-17 30352]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
    R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-28 31576]
    R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-28 53080]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 203776]
    S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
    S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2011-03-07 102400]
    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [2011-03-07 98816]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-24 2656280]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9319936]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 306688]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-01 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-04 76912]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-02-24 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-28 419160]
    S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-28 31576]
    S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-28 53080]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:34]
    .
    2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000Core.job
    - c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 22:16]
    .
    2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000UA.job
    - c:\users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 22:16]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 21:16]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://t-online.de/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\ehlcsin3.default\
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-08-22  15:18:26 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2012-08-22 13:18
    ComboFix2.txt  2012-08-21 13:52
    ComboFix3.txt  2012-08-16 09:36
    ComboFix4.txt  2012-07-30 11:57
    .
    Vor Suchlauf: 18 Verzeichnis(se), 228.359.553.024 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 228.184.129.536 Bytes frei
    .
    - - End Of File - - FF6E5835E9DCEA94DA9B75AFD856A1C6
    Code:
    OTL logfile created on: 22.08.2012 15:37:37 - Run 8
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\johnson\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    5,91 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 66,32% Memory free
    11,82 Gb Paging File | 9,35 Gb Available in Paging File | 79,10% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449,51 Gb Total Space | 212,68 Gb Free Space | 47,31% Space Free | Partition Type: NTFS
     
    Computer Name: JOHNSON-VAIO | User Name: johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.08.11 16:17:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.07.21 19:35:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\johnson\Desktop\OTL.exe
    PRC - [2012.07.12 00:16:22 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011.06.24 16:05:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2011.02.24 22:02:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011.02.24 22:02:27 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2011.02.15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
    PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
    PRC - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.06.13 19:55:38 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
    MOD - [2012.06.13 16:55:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012.06.13 16:55:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012.05.13 13:51:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
    MOD - [2012.05.13 04:08:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.13 04:08:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012.05.13 04:08:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012.05.13 04:07:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012.05.13 04:07:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012.05.13 04:07:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2011.06.30 00:55:22 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV - [2012.08.16 12:08:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.08.15 14:34:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV - [2011.10.12 11:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011.08.12 16:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV - [2011.07.19 04:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
    SRV - [2011.06.24 16:05:46 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
    SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2011.02.24 22:02:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011.02.24 22:02:27 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV - [2011.02.14 17:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
    SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011.06.30 01:39:02 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011.06.30 00:18:16 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011.06.21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011.06.01 20:04:37 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.04.28 22:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
    DRV:64bit: - [2011.04.28 22:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)
    DRV:64bit: - [2011.04.28 22:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
    DRV:64bit: - [2011.04.28 22:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)
    DRV:64bit: - [2011.04.28 22:18:02 | 000,419,160 | ---- | M] (TASCAM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
    DRV:64bit: - [2011.04.01 10:15:27 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.03.07 22:58:44 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
    DRV:64bit: - [2011.03.07 04:30:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
    DRV:64bit: - [2011.03.04 11:21:46 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011.03.04 11:01:05 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011.02.24 22:02:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010.09.17 14:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
    DRV:64bit: - [2010.09.17 14:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (SynasUSB)
    DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = 
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://t-online.de/
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 48 D8 EB CE 4B CD 01  [binary data]
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\..\SearchScopes,DefaultScope = {F324D28E-EF51-4B6A-A527-EF234906986F}
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\..\SearchScopes\{5A093B01-56AE-4159-A6C2-093FE71A5977}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b7ee380f-8e90-4e45-832a-d09ef629dd62&apn_sauid=87C4FBFF-F17E-4EB3-BFF5-5265F5FFF092
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\..\SearchScopes\{F324D28E-EF51-4B6A-A527-EF234906986F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\johnson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
     
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.16 12:08:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
     
    [2012.04.16 10:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnson\AppData\Roaming\mozilla\Extensions
    [2012.08.17 19:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnson\AppData\Roaming\mozilla\Firefox\Profiles\ehlcsin3.default\extensions
    [2012.04.17 18:47:35 | 000,000,000 | ---D | M] (exfm) -- C:\Users\johnson\AppData\Roaming\mozilla\Firefox\Profiles\ehlcsin3.default\extensions\jid0-IsXX48jx4obwoZPnzG6RQB0pK9A@jetpack
    [2012.08.17 19:12:15 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\johnson\AppData\Roaming\mozilla\Firefox\Profiles\ehlcsin3.default\extensions\toolbar@ask.com
    [2012.08.17 19:12:15 | 000,002,344 | ---- | M] () -- C:\Users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\ehlcsin3.default\searchplugins\askcom.xml
    [2012.04.16 10:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.08.16 12:08:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.08.16 12:07:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.08.16 12:07:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.08.16 12:07:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.08.16 12:07:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.08.16 12:07:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.08.16 12:07:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2012.08.22 14:42:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-267714115-4148949142-3198035650-1000..\Run: [Facebook Update] C:\Users\johnson\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C6BD73-08F0-4418-860C-2F800FE9CE44}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CFB0B2C-C6D7-4E90-9443-109D3B6D0272}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98595174-3099-450F-BFE0-3ADE07C6CF09}: DhcpNameServer = 195.34.133.21 212.186.211.21
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.08.22 15:18:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.08.22 15:16:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012.08.22 12:46:50 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{0C6D7D1A-2C31-43B0-B1A6-168054BF2FF6}
    [2012.08.21 15:41:05 | 004,735,900 | R--- | C] (Swearware) -- C:\Users\johnson\Desktop\ComboFix.exe
    [2012.08.21 13:01:55 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{1F0C1881-CA69-485A-A214-7250534D9D42}
    [2012.08.21 01:46:32 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{A3BCFAD3-C1A7-4D3C-A418-109CF51ABDC6}
    [2012.08.20 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{53C3855C-5FDD-4B90-939B-B6A967D4896C}
    [2012.08.20 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{29F6C49E-2898-4E22-AB90-F77EE1557DEA}
    [2012.08.20 08:04:43 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{4B46A312-247D-48C5-A938-182686D278F4}
    [2012.08.20 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{17D8F3E2-752B-4EEF-898C-697E225B01CC}
    [2012.08.19 11:55:54 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{59ECAB0F-4459-46FC-BBDE-5D2436F540DA}
    [2012.08.19 03:25:26 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{20DEC55E-2ECB-4C63-B5CC-382526B08C67}
    [2012.08.18 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{91D5FC1F-A5FB-4847-AC50-289384BF7356}
    [2012.08.18 14:28:16 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{B3570F89-470F-4B86-8F90-1C274FBE39FE}
    [2012.08.17 19:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012.08.17 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{13CBBFA9-B125-4E4D-94FE-39AB6495ABDF}
    [2012.08.17 09:35:15 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{83C6DABF-7145-4017-94A1-9570E9CF12B8}
    [2012.08.16 12:17:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.08.16 12:17:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012.08.16 12:17:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.08.16 12:17:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012.08.16 12:17:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.08.16 12:17:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012.08.16 12:17:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012.08.16 12:17:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012.08.16 12:17:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.08.16 12:17:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012.08.16 12:17:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012.08.16 12:17:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012.08.16 12:17:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012.08.16 12:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012.08.16 12:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012.08.16 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{B2446EB0-9C41-4AC2-987D-34FAAE955017}
    [2012.08.16 12:06:15 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{0BF5BAAE-51CF-4E44-94CB-3A7D834EA48F}
    [2012.08.16 11:45:28 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{0B40B23F-03DC-46B2-B098-1DFFAB5C6522}
    [2012.08.16 11:43:39 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{538EA40A-B52B-41E1-9993-31FFA9E72AB5}
    [2012.08.15 13:02:06 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{10335D7F-0926-468E-BBA0-F057113EB65A}
    [2012.08.15 13:01:53 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{3A7563AE-F5CF-49FF-BE45-08D6B9E0FD32}
    [2012.08.15 08:53:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012.08.15 08:53:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012.08.15 08:53:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012.08.15 08:53:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012.08.15 08:53:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012.08.15 08:53:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012.08.15 08:53:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012.08.15 08:53:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012.08.15 01:01:32 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{EE88C69D-4CD0-46C7-8A2C-A9D0D05D06B9}
    [2012.08.15 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{281AD3CD-FC67-4634-8CFC-929C21477B33}
    [2012.08.14 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{E9E1BAF0-C3C7-4B2F-BB76-A505AEF8D6AB}
    [2012.08.14 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{1BB6C11B-DC13-4FBA-A21A-7F30F5E8C6B9}
    [2012.08.13 21:20:35 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{99C3BD20-AFE2-4D88-8982-2090259ECA0A}
    [2012.08.13 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{0C3C11F5-F447-494B-9E5B-C467C16744C5}
    [2012.08.13 08:17:34 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{079A8202-240C-46A8-8F2F-9AE29C033FE1}
    [2012.08.13 08:17:21 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{E7243CB7-6912-427B-8553-143CA7C62C0F}
    [2012.08.12 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{C09A877E-03EE-4004-BA85-D3EA1EC66596}
    [2012.08.12 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{C242063D-3EE0-4224-BA40-59264978DB6F}
    [2012.08.11 16:13:56 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{062B79C7-BF86-4BDE-BE56-906C61915162}
    [2012.08.11 16:13:34 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{6F4A2424-0AF9-479B-885B-B89D884A36F2}
    [2012.07.31 01:35:44 | 000,000,000 | R--D | C] -- C:\Users\johnson\Documents\Scanned Documents
    [2012.07.31 01:35:43 | 000,000,000 | ---D | C] -- C:\Users\johnson\Documents\Fax
    [2012.07.30 23:46:27 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{1D0EAA48-C1E4-4353-A3D9-0EF62AB3881E}
    [2012.07.30 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{34FD1C93-9602-417F-9C3E-1336B7F52D3F}
    [2012.07.30 13:46:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.07.30 13:46:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.07.30 13:46:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.07.30 13:46:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.07.30 13:46:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.07.30 10:56:28 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{8EA15144-CF9F-44D3-8A8E-FFF44603D728}
    [2012.07.30 10:56:23 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{A1C4D743-B178-43DB-B90F-3ADF46B5DB9C}
    [2012.07.29 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{3CE34A7C-DFBD-4F66-A9C9-7C1217057EA8}
    [2012.07.29 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{64A8A437-B9B2-4EC9-AD83-95330022B1B7}
    [2012.07.28 21:35:56 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{7F8DD765-7114-4B7C-AAB2-417D6D5B844E}
    [2012.07.28 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{B93E1C0B-97A3-4671-ACE0-87A193E4D969}
    [2012.07.27 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{F16F113C-B10D-4E95-AD5A-B0DC30C854AB}
    [2012.07.27 22:34:00 | 000,000,000 | ---D | C] -- C:\Users\johnson\AppData\Local\{71E4722E-295D-456A-A844-C0F745B0A15E}
    [2012.07.24 08:51:38 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\johnson\Desktop\FSS.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.08.22 15:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.08.22 15:29:42 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.08.22 15:29:42 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.08.22 15:29:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.08.22 15:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.08.22 15:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.08.22 15:22:02 | 466,984,959 | -HS- | M] () -- C:\hiberfil.sys
    [2012.08.22 15:21:06 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000UA.job
    [2012.08.22 14:42:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.08.22 14:35:09 | 004,735,900 | R--- | M] (Swearware) -- C:\Users\johnson\Desktop\ComboFix.exe
    [2012.08.22 02:17:46 | 000,030,389 | ---- | M] () -- C:\Users\johnson\Desktop\A-ha_-_Headlines_And_Deadlines_-_The_Hits_Of_a-ha.jpg
    [2012.08.22 00:39:16 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000Core.job
    [2012.08.21 20:22:44 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.08.21 20:22:44 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.08.21 20:22:44 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.08.21 20:22:44 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.08.21 20:22:44 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.08.21 20:13:19 | 000,391,358 | ---- | M] () -- C:\test.xml
    [2012.08.20 08:16:52 | 000,165,376 | ---- | M] () -- C:\Users\johnson\Desktop\SystemLook_x64.exe
    [2012.08.17 19:12:18 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012.08.17 11:12:44 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012.08.16 13:41:49 | 005,014,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.08.15 14:34:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012.08.15 14:34:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012.08.15 01:06:36 | 002,346,199 | ---- | M] () -- C:\Users\johnson\Desktop\Bild 209.jpg
    [2012.08.14 16:50:58 | 000,711,999 | ---- | M] () -- C:\Users\johnson\Desktop\noten.jpg
    [2012.07.30 00:09:22 | 000,735,037 | ---- | M] () -- C:\Users\johnson\Desktop\1.jpg
    [2012.07.29 22:42:20 | 002,673,858 | ---- | M] () -- C:\Users\johnson\Desktop\berlin festival vorbericht 2012 unipress.pdf
    [2012.07.27 17:59:39 | 000,105,581 | ---- | M] () -- C:\Users\johnson\Desktop\F73.pdf
    [2012.07.26 14:19:08 | 000,437,483 | ---- | M] () -- C:\Users\johnson\Desktop\FLT_PDCDEG30388_0.pdf
    [2012.07.24 08:51:54 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\johnson\Desktop\FSS.exe
     
    ========== Files Created - No Company Name ==========
     
    [2012.08.22 02:18:04 | 000,030,389 | ---- | C] () -- C:\Users\johnson\Desktop\A-ha_-_Headlines_And_Deadlines_-_The_Hits_Of_a-ha.jpg
    [2012.08.20 08:16:47 | 000,165,376 | ---- | C] () -- C:\Users\johnson\Desktop\SystemLook_x64.exe
    [2012.08.15 01:06:36 | 002,346,199 | ---- | C] () -- C:\Users\johnson\Desktop\Bild 209.jpg
    [2012.08.14 16:50:55 | 000,711,999 | ---- | C] () -- C:\Users\johnson\Desktop\noten.jpg
    [2012.07.30 13:46:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.07.30 13:46:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.07.30 13:46:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.07.30 13:46:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.07.30 13:46:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.07.30 00:09:19 | 000,735,037 | ---- | C] () -- C:\Users\johnson\Desktop\1.jpg
    [2012.07.29 22:42:18 | 002,673,858 | ---- | C] () -- C:\Users\johnson\Desktop\berlin festival vorbericht 2012 unipress.pdf
    [2012.07.27 17:59:39 | 000,105,581 | ---- | C] () -- C:\Users\johnson\Desktop\F73.pdf
    [2012.07.26 14:19:08 | 000,437,483 | ---- | C] () -- C:\Users\johnson\Desktop\FLT_PDCDEG30388_0.pdf
    [2012.05.14 16:15:21 | 249,810,944 | ---- | C] () -- C:\Users\johnson\20120514_Arte+7-Tracks.mp4
    [2012.02.23 21:42:06 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
    [2012.02.08 18:23:40 | 000,000,132 | ---- | C] () -- C:\Users\johnson\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011.12.01 20:03:21 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011.12.01 20:03:21 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011.12.01 20:03:21 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011.12.01 20:03:21 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
    [2011.12.01 20:03:21 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
    [2011.12.01 20:03:21 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011.11.29 20:33:39 | 000,000,000 | ---- | C] () -- C:\Users\johnson\settings.php
    [2011.11.15 18:40:04 | 000,004,608 | ---- | C] () -- C:\Users\johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.10.30 17:26:49 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
    [2011.10.30 17:25:43 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
    [2011.09.19 00:55:49 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
    [2011.09.13 14:19:41 | 000,000,870 | ---- | C] () -- C:\Users\johnson\RPSTD2010.lic
    [2011.09.13 14:19:35 | 000,000,019 | ---- | C] () -- C:\Users\johnson\rp.ini
    [2011.08.02 03:48:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.08.02 03:46:52 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011.06.30 09:01:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011.04.14 05:56:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011.04.14 05:56:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011.03.04 12:00:37 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011.02.11 01:03:27 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
     
    ========== LOP Check ==========
     
    [2012.04.06 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Amazon
    [2011.11.02 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Audacity
    [2011.08.23 16:57:16 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011.08.23 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012.07.10 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\elsterformular
    [2012.07.18 23:34:48 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\FileZilla
    [2012.02.13 23:32:09 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Opera
    [2011.08.23 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\PACE Anti-Piracy
    [2011.09.02 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
    [2011.11.15 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Simfy
    [2012.05.12 11:30:27 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\SoftGrid Client
    [2011.08.23 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012.04.28 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Steinberg
    [2011.08.17 20:51:07 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\TP
    [2011.08.24 20:35:03 | 000,000,000 | ---D | M] -- C:\Users\johnson\AppData\Roaming\Windows Live Writer
    [2012.08.22 00:39:16 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000Core.job
    [2012.08.22 15:21:06 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-267714115-4148949142-3198035650-1000UA.job
    [2012.06.25 21:12:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 22.08.2012 15:37:37 - Run 8
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\johnson\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    5,91 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 66,32% Memory free
    11,82 Gb Paging File | 9,35 Gb Available in Paging File | 79,10% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449,51 Gb Total Space | 212,68 Gb Free Space | 47,31% Space Free | Partition Type: NTFS
     
    Computer Name: JOHNSON-VAIO | User Name: johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005E0D14-4DE7-4CA0-BD82-1B76894CD8FE}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{09C97482-589C-4545-BFD1-51D9D856E13A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2529266D-72EB-4395-A550-19C06093B33B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
    "{37F91E5F-95FF-40FD-B4CE-760EFFAD78D2}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{3958CEFE-7237-47F4-B4F1-7890F740EC47}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{3CFFDF9D-5D2E-4D31-BAD8-FD21FB6272A4}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | 
    "{44BFA49C-CA1E-4D19-A70E-B6180BD153FE}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{542340F5-0C72-4BF7-9338-1427EA64CEEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{58AADA3C-04C6-4D16-A5EE-31C25B1D2C1B}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{617B35D0-901C-4CB8-AF3D-D8B242EA9DF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{63B6B14B-5FB5-47BC-9114-19314142A513}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{753B9BD4-942F-491A-8782-35D7D8748F15}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{775444A3-D326-41C7-8891-E2300BB9742F}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{87AE913A-2811-41AF-8C47-DBBFC2E76750}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{9447932C-D9FD-4001-8E21-3D8559132DC3}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{9ACAC6B4-948A-4844-B4CC-C084250E5281}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{A0526C45-5E2C-424F-866D-72EB379C814F}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{A1A6B724-45F9-4605-A4B5-9B6CBBAF4FE4}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{B45303C0-3686-4F64-BD37-BCC8313601AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{B6AFB230-8F0C-4E37-942A-0912864615E1}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{CE2539CB-45DB-4DB0-8BB0-3A16FB566BB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D09879C1-A97C-4E14-BEA1-49FF557A9D46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{DE4A00CA-F393-4350-BC4C-8B9F41B0B357}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{ECCE8FEB-249B-464D-A253-0087F71A7572}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
    "{EE6A682E-024C-48A0-AA62-DF955C4AFCBA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
    "{F5E93A66-4D2F-42AA-9ADF-202330A07D62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04459CB0-0849-467C-BF99-BB077FC54451}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0467420C-785A-49A8-AA75-2EA8DD536B9E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{09694D2C-A756-4DF8-9D57-44444224EFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{1B2D4B4F-F16F-4E41-A50C-6B3CE8A91454}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{1DEB75FC-E687-4E01-AD14-C0B0A0A478B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{20C06557-895D-4DE4-8AE5-D145A872504C}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
    "{21FD61D2-AA11-48A7-92A9-D5635F7B549B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{34348642-960F-4C60-B03E-2FC0E0CE1937}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
    "{39F2C65F-18E4-4D99-B66D-40BA8E39BE6E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3ACCEA14-F39C-4AD5-840E-23DAD512CB08}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{3B4A0150-F306-4E8D-AFDC-E4E80CF67E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3F74C8C4-B066-4012-B0FB-F634BC794440}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{478542F5-830C-4383-9BF1-EF835D6D0B0F}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
    "{48A2444E-CA89-42DB-9E0F-71A7344440A3}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
    "{4CEC4170-E357-4701-9567-7355C40BFBD0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{618BB428-A0AA-4D52-A0E0-9AD53B69A758}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{6673085D-34F7-4AEC-AC1C-1C757ABC508E}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
    "{75E32783-47C5-482C-970C-4E2528BAEA2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{765AECAF-0DE5-4FF1-AC33-F4EA7A09C4FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{7D47CC66-DACF-441D-AF90-072AC7972173}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{7E4D2063-6C8C-4A0F-99DD-8528BEF318A4}" = protocol=6 | dir=out | app=system | 
    "{8C153943-9773-4816-8015-56E5B2A46A6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{917A2C1E-A1A1-4BC2-ABF3-90C5C96193DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9878F3E3-7617-41C5-BE32-FC80B2FF4E26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{AC5AC483-A82D-44B7-A7EF-55708D5703B5}" = dir=in | app=c:\users\johnson\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
    "{B7F34484-339B-40D4-9B48-179FEDE3239D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{B831E601-5214-4C78-B15D-FB821128B1B5}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
    "{BE506C83-EE7B-402A-91EA-53DA3B60C546}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{C8026FA6-0B67-4F5D-B913-0F54A19C6125}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{CC537B02-3C42-4B73-A5A6-10F332F682CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{DABDD5C3-7B7E-4309-8258-E13459A717FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E3608CD7-AF44-4A7A-BD64-534CAF16A019}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{E371D9C4-F1AC-4F88-A7F1-6C8DE16561A8}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
    "{E8E0F3A1-38BC-4794-93CD-691C248E5973}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{EE2BE5D1-EE0E-43E9-9E70-5C1D7A18E1DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{EED79640-8A50-42B3-AB7D-4BB3D2E77DC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{EFA1B8B1-1E21-49D8-A4AD-FDE68ABB04DC}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
    "{F5611982-67EE-4EDD-97A4-80C877DB1E96}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
    "{FD763E0C-6CB1-4EFB-A3DC-FCD3E166B0B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "TCP Query User{2275DDE5-B080-44E4-A1E8-B1B6E2DAEFD6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
    "TCP Query User{4E3DE563-490D-43A6-B917-912E7CA8FC52}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe | 
    "TCP Query User{BBFACB2D-0B0D-4F1E-994B-78E6F6D243B3}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "TCP Query User{E9BF2797-4761-4ADC-88B9-EF6F8A936372}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe | 
    "UDP Query User{1A4C0E8E-EBEA-4415-9C27-DEE92BD2F35C}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe | 
    "UDP Query User{8009E7EC-49DF-412A-9BB9-600AAA4D5C38}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "UDP Query User{B0071AF3-544C-489D-82E3-593DEA10D342}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe | 
    "UDP Query User{C9F59DF0-7C96-4947-BA56-8908CE529578}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
    "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
    "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{2844B862-1B06-445A-8699-735617D857A8}" = Magic Bullet QuickLooks Limited
    "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
    "{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit
    "{BF3C5FE1-FD86-A14D-8EC2-6488D646515E}" = ATI Catalyst Install Manager
    "{C6651CD0-4892-4465-96AC-C9864A695FF9}" = Steinberg Cubase 6 64bit
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{EF0D9E83-0978-DE76-42CC-5B85223FECA1}" = ccc-utility64
    "{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
    "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{027D81A3-C4C4-47CD-4C68-94DBCEA166F1}" = CCC Help Greek
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{15CDC9CF-D347-1F6D-2EDB-D0F41B136758}" = PX Profile Update
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
    "{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
    "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{3146D75D-ABF3-404F-41AC-D3F71C8F57F0}" = CCC Help Czech
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
    "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{40D0BF3D-51B3-B375-03B8-3E6077F07500}" = Catalyst Control Center Localization All
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4AA6294E-4EF6-F97E-BB64-6B01509F19B7}" = CCC Help French
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
    "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{520EA81D-67E8-7685-8827-1C6AE94FD29D}" = Catalyst Control Center Profiles Mobile
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
    "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
    "{5FFE0D6C-333E-E5FD-CC11-08B868AA6B6B}" = CCC Help Finnish
    "{602835D0-9152-2CD4-036D-195E10882A3B}" = CCC Help Portuguese
    "{61313BAF-5054-6F87-74AE-F2261F3F22B8}" = PX Profile Update
    "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6874282F-37D6-4829-8B6F-D2D4FD818AA5}" = Catalyst Control Center - Branding
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
    "{6C1924D1-C8FA-6FC6-B336-6525B8CC1FB9}" = Catalyst Control Center InstallProxy
    "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{70991E0A-1108-437E-BA7D-085702C670C0}" = 
    "{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
    "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{7501466B-08D4-8BA7-923B-07081D2502B8}" = CCC Help Thai
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79010D2C-F736-DC24-7C81-6D05E4BC1615}" = CCC Help Norwegian
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
    "{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1" = RescuePRO 3.5
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
    "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8A3F4A11-5617-CDB8-2881-D9259C4FF0AC}" = CCC Help Swedish
    "{8A870B3A-F417-A62F-3E66-A7BB834D73D9}" = CCC Help English
    "{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E298C44-5129-9C0D-45C5-0D45C76683E7}" = CCC Help Korean
    "{8EA8B699-999D-3D4F-F27D-E0A42812999D}" = CCC Help Turkish
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91989CE7-EE83-4A53-8E06-D97887928119}" = VAIO Care
    "{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{958B4A34-B318-64E9-8F84-7C9C5C603143}" = CCC Help Japanese
    "{985212B0-C225-3F12-E2B3-120E135F02BE}" = CCC Help Spanish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{9FFD310D-FF84-45B1-7890-5408F68D5CCC}" = CCC Help Italian
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A3C76DBA-0552-2B25-460C-443500703A91}" = Catalyst Control Center Graphics Previews Common
    "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
    "{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2575E95-5BA5-238F-8A6B-FB52BAC1CA04}" = CCC Help Chinese Standard
    "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
    "{B9CBED84-5041-0817-4C72-C38D473C344B}" = CCC Help Chinese Traditional
    "{BB4DF1E8-5734-28CD-6DD1-B5CED1CCFAB9}" = CCC Help Polish
    "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
    "{C14EAE86-C526-4E00-B245-CFF86233C3D2}" = VAIO 3D Portal
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
    "{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
    "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C8646AD5-4396-D48C-BF6D-5D0B992EEBAC}" = CCC Help Danish
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{C9B93384-B53D-1BBC-2A5B-F83D86DACE13}" = CCC Help Hungarian
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D38DA998-7DAC-1915-88F1-233AF88E5F08}" = CCC Help Dutch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E7BB46-310E-4A21-B261-052A5997EA2F}" = V3DPX86
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF5F58CF-767E-69AB-1B9A-A846EAFADFDD}" = CCC Help Russian
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
    "{FB788CBC-A069-55BC-EF8D-FE9F4AA06FFF}" = CCC Help German
    "{FDC98E0C-DE7C-6AFA-86D7-4DB8F22B6E4C}" = Catalyst Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "ASIO4ALL" = ASIO4ALL
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "eLicenser Control" = eLicenser Control
    "ElsterFormular 13.2.0.8623p" = ElsterFormular
    "experience-sony-bundle" = TriDef 3D (Sony) 1.1.3
    "FileZilla Client" = FileZilla Client 3.5.3
    "Git_is1" = Git version 1.7.9-preview20120201
    "Heroku_is1" = Heroku version 2.28.15
    "InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
    "InstallShield_{2844B862-1B06-445A-8699-735617D857A8}" = Magic Bullet QuickLooks Limited
    "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
    "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Traktor 2" = Native Instruments Traktor 2
    "Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
    "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
    "Opera 12.01.1532" = Opera 12.01
    "PremElem90" = Adobe Premiere Elements 9
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "splashtop" = VAIO Quick Web Access
    "VAIO C Series - Summer 2011 Screensaver" = VAIO C Series - Summer 2011 Screensaver
    "VAIO Help and Support" = 
    "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-267714115-4148949142-3198035650-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    Error - 20.03.2012 14:40:14 | Computer Name = johnson-VAIO | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC 
     
    [ System Events ]
    Error - 22.08.2012 08:42:25 | Computer Name = johnson-VAIO | Source = DCOM | ID = 10010
    Description = 
     
    Error - 22.08.2012 08:42:24 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7030
    Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
     Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
     sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
     
    Error - 22.08.2012 08:43:06 | Computer Name = johnson-VAIO | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
     und wird nicht verwendet. Der Treiber wurde entladen.
     
    Error - 22.08.2012 08:43:21 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
     Apple Mobile Device erreicht.
     
    Error - 22.08.2012 08:43:21 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
    nicht gestartet:   %%1053
     
    Error - 22.08.2012 08:43:22 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7023
    Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
      %%126
     
    Error - 22.08.2012 09:21:08 | Computer Name = johnson-VAIO | Source = DCOM | ID = 10010
    Description = 
     
    Error - 22.08.2012 09:22:14 | Computer Name = johnson-VAIO | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
     und wird nicht verwendet. Der Treiber wurde entladen.
     
    Error - 22.08.2012 09:22:15 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
     Apple Mobile Device erreicht.
     
    Error - 22.08.2012 09:22:15 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
    nicht gestartet:   %%1053
     
     
    < End of report >
    Edited by johnson1 (22.08.2012 at 14:52)

  9. #59
    Administrator, team member: Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.252

    Re: system locked...?

    Hello johnson1,

    this seems to be related to the following:

    Error - 22.08.2012 08:42:24 | Computer Name = johnson-VAIO | Source = Service Control Manager | ID = 7030
    Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
    Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
    sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

    http://www.wintotal.de/tipparchiv/?id=1770

    Open the service via Start => Run => enter services.msc.
    The Services window opens.
    Find the service PEVSystemstart and double-click it.
    Click the "Anmelden" (Log On) button and check whether, under Lokales Systemkonto (Local System account), there is a tick in front of
    Datenaustausch zwischen Dienst und Desktop zulassen (Allow service to interact with desktop).
    [°¿°] Ciao, Petra

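The services.msc check described in post #59 can also be done read-only from PowerShell. This is an added example, not part of the thread. It assumes the service name from the quoted event 7030 and uses the standard Win32 service-type flag and the `NoInteractiveServices` registry value, and it also covers the case where no service of that name is registered.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Written to run on PowerShell 2.0 (Windows 7 default). Run from an elevated prompt.

# Service name as it appears in the event 7030 text quoted in post #59.
$ServiceName = 'PEVSystemStart'

# Bit in the service's Type value that corresponds to the services.msc checkbox
# "Allow service to interact with desktop" (SERVICE_INTERACTIVE_PROCESS).
$SERVICE_INTERACTIVE_PROCESS = 0x100

function Get-InteractiveServiceState {
    param([Parameter(Mandatory = $true)][string]$Name)

    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $svcKey)) {
        # No registration under this name: services.msc has nothing to list.
        # A logged 7030 can then refer to a service that has since been removed.
        return New-Object PSObject -Property @{ Name = $Name; Registered = $false }
    }

    $svc = Get-ItemProperty -LiteralPath $svcKey

    # System-wide switch: a non-zero value means interactive services are refused,
    # which is the condition the event 7030 description reports.
    $winKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows'
    $policy = Get-ItemProperty -LiteralPath $winKey -Name NoInteractiveServices `
                               -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        Name                  = $Name
        Registered            = $true
        Account               = $svc.ObjectName      # e.g. LocalSystem
        ImagePath             = $svc.ImagePath       # binary the service would start
        InteractiveFlag       = [bool]($svc.Type -band $SERVICE_INTERACTIVE_PROCESS)
        NoInteractiveServices = $policy.NoInteractiveServices
    }
}

Get-InteractiveServiceState -Name $ServiceName | Format-List

# Show the most recent 7030 entries so their timestamps can be compared with
# the time of the last scan or cleanup-tool run.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7030
    } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

`Registered = False` means no service key of that name exists at the time of the check. `InteractiveFlag = True` together with a non-zero `NoInteractiveServices` is the combination the event text describes.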

  10. #60
    Forum user
    Registered since
    14.02.2012
    Posts
    42

    Re: system locked...?

    [Attachment: screen.jpg]
    I can't find the service, not under system startup either
