Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.12.2011, 10:36   #1
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hallo liebe Forenuser,
meine Freundin hat sich gestern den Trojaner eingefangen, von dem hier in den letzten Tagen schon mehrfach berichtet worden ist.
Nach dem Hochfahren des Laptops wird der Bildschirm rot oder schwarz, sobald eine Internetverbindung besteht, und ein Fenster mit einer Zahlungsaufforderung erscheint. Nichts geht mehr.

Ich habe mir hier schon einige Beiträge durchgelesen und im abgesicherten Modus einen OTL-Scan auf ihrem Laptop durchgeführt. Da hier ja stets eine individuelle Lösung notwendig ist, poste ich mal die Logfiles und bedanke mich schonmal im Voraus für die Hilfe.

OTL.txt:
Zitat:
OTL logfile created on: 05.12.2011 10:15:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\YVETTE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 80,65% Memory free
6,13 Gb Paging File | 5,77 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 206,23 Gb Free Space | 71,55% Space Free | Partition Type: NTFS

Computer Name: YVETTE-PC | User Name: YVETTE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\YVETTE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.05 09:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 09:08:39 | 000,000,000 | ---D | M]

[2010.05.07 15:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Extensions
[2011.12.05 09:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions
[2010.05.07 15:25:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.05 09:05:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.05 08:56:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.13 15:46:55 | 000,000,000 | ---D | M] (vShare) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar
[2010.11.13 15:47:26 | 000,001,583 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Mozilla\Firefox\Profiles\oqjvbyxp.default\searchplugins\web-search.xml
[2011.12.05 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{17D45C31-85D3-11DE-8282-806E6F6E6963}] C:\Users\YVETTE\AppData\Roaming\Microsoft\svhcost.exe (Mozilla Foundation)
O4 - HKCU..\Run: [DSLCoMan] C:\Program Files\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EE1B83-C4F3-44A3-8E60-1E3C011B58BE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1EC8ABF-FA11-4324-8D15-4E7AA4EAC517}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB88951-945D-4CFC-B9DA-725BBC986932}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.12.05 09:27:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:27:32 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\Malwarebytes
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.05 09:27:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.05 09:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.05 09:20:10 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Local\Secunia PSI
[2011.12.05 09:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.27 20:52:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.11.27 20:52:38 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.11.27 20:52:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.11.27 20:52:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.11.27 20:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.05 10:14:50 | 000,302,592 | ---- | M] () -- C:\Users\YVETTE\Desktop\5jgx7ejf.exe
[2011.12.05 09:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:20:04 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:08:40 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.05 08:52:38 | 000,001,356 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2011.12.05 08:51:29 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.05 08:51:29 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.05 08:51:29 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.05 08:51:29 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.05 08:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 23:20:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 23:20:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 23:20:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.04 23:14:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 23:11:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 23:02:15 | 000,422,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.27 22:25:36 | 000,057,344 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.27 20:53:59 | 000,092,834 | ---- | M] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[2011.11.12 13:03:21 | 258,128,849 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.05 10:14:50 | 000,302,592 | ---- | C] () -- C:\Users\YVETTE\Desktop\5jgx7ejf.exe
[2011.12.05 09:20:04 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:20:04 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.12.05 09:08:40 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.27 20:53:58 | 000,092,834 | ---- | C] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[2011.11.27 20:52:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.20 15:38:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.12.08 14:45:52 | 000,001,356 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2009.10.26 21:12:24 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.22 20:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.22 20:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.14 16:32:22 | 000,000,906 | ---- | C] () -- C:\Users\YVETTE\AppData\Roaming\wklnhst.dat
[2009.08.11 20:45:40 | 000,057,344 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 13:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.29 17:13:34 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,422,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009.08.23 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\COWON
[2010.04.05 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DAEMON Tools Lite
[2011.12.04 23:04:26 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Dropbox
[2011.05.18 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC
[2011.05.18 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.09.18 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ICQ
[2010.12.02 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InterVideo
[2009.11.01 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\OpenOffice.org
[2011.11.27 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2009.11.01 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Template
[2009.09.13 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent
[2011.12.04 23:20:54 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.08.10 19:49:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.14 17:31:57 | 000,000,000 | ---D | M] -- C:\44693cdface0fef6a69ba64bab
[2009.08.15 15:39:04 | 000,000,000 | ---D | M] -- C:\backup
[2010.10.24 16:36:23 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.25 13:09:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.05.22 13:40:51 | 000,000,000 | ---D | M] -- C:\Documentation
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.10 19:42:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.05.22 13:13:41 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.05 09:27:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.05 09:27:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.10 19:42:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.03 10:48:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.08.23 11:54:57 | 000,000,000 | ---D | M] -- C:\temp
[2011.10.08 17:38:53 | 000,000,000 | ---D | M] -- C:\Update
[2009.08.10 19:45:50 | 000,000,000 | R--D | M] -- C:\Users
[2009.08.11 21:40:37 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment
[2011.12.04 16:34:18 | 000,000,000 | ---D | M] -- C:\Windows
[2009.05.22 13:40:51 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-29 15:20:42

< >

< End of report >
Extras.txt:
Zitat:
OTL Extras logfile created on: 05.12.2011 10:15:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\YVETTE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 80,65% Memory free
6,13 Gb Paging File | 5,77 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 206,23 Gb Free Space | 71,55% Space Free | Partition Type: NTFS

Computer Name: YVETTE-PC | User Name: YVETTE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17169454-C120-4915-B59B-4872A34B07CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{18A1292E-F437-4E62-9049-8C3D996BE733}" = rport=138 | protocol=17 | dir=out | app=system |
"{21DDB4BC-8525-4E4F-8B00-E6EDEB5A9808}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F808C4B-25BA-4911-8EA1-E55A0BA8ECB0}" = lport=137 | protocol=17 | dir=in | app=system |
"{3FC645D7-B732-4F15-8848-8D5C1633766B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{43A19E0C-CDB1-4E75-8D33-6D3B878582CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E55EA63-AA00-41CF-ACED-A6773E21E882}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53B5509B-2A87-485B-B511-947076AB779B}" = rport=137 | protocol=17 | dir=out | app=system |
"{67DEAC16-4549-43E0-8F25-793B3358967D}" = rport=445 | protocol=6 | dir=out | app=system |
"{B97809B1-7669-414B-9D6B-C80A9B7B492D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7029A58-696C-4D50-BB18-E77417433016}" = rport=139 | protocol=6 | dir=out | app=system |
"{DBD1010F-757F-40AD-BF8B-8A8E08F82EDD}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8883F04-55CB-4E4F-B9AC-7327F0DE831F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4E9335-0F96-4D1E-AA7C-3244E91E26FA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{13B91863-960D-42CE-AA23-0381C90B1FA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{345EB1EF-B09A-4FE3-BDB1-72EC4955F9EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{443DFC6C-41CB-4014-864D-4EE5F1639590}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{526D3033-90E2-4F17-9552-B84E840E8F01}" = protocol=17 | dir=in | app=c:\users\yvette\appdata\roaming\dropbox\bin\dropbox.exe |
"{66FEA1FB-B711-4CFA-908D-16A73874B7FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A3A257B-68DC-4D08-B975-8D3412E206F1}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{6E41110F-4223-4AB9-9507-7FA03570778D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6F3C5AB4-DEA5-4033-82AA-E6ED728D09A2}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{7B1E3F7C-FCBC-43FC-9601-EC0C94C46B5B}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{850B515A-20C5-4650-B3C5-787DF738DCC5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E6164F2-C57A-48B5-9F60-07C488253E11}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{960B51AA-5940-4223-ADC2-8319CEEA77CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CFE75F7-691F-499E-8E58-8626710EC0B8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BF53F566-F090-41B8-A803-DFA0B3659E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C49459A9-94C1-4158-A962-213098E98538}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C76298E4-C557-44D1-8853-AE726E69BA20}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CBAE0F15-F8C4-4406-9EBD-72403B3F1897}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D294C72D-0444-452C-8C49-6DD05089AA62}" = protocol=6 | dir=in | app=c:\users\yvette\appdata\roaming\dropbox\bin\dropbox.exe |
"{D51E99D1-0621-444B-AA89-458D5CCCC152}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBEE731B-2FE1-47FE-A4F0-A917EA4606D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F63AB8A8-B77E-4D9D-805B-9821EAE23500}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA485334-1E95-41C4-8902-F4A9C7B8CEC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}" = DSL Connection Manager
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"Verbindungsassistent" = Verbindungsassistent
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.12.2011 03:47:30 | Computer Name = YVETTE-PC | Source = EventSystem | ID = 4609
Description =

Error - 05.12.2011 03:47:57 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:57 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:57 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:57 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:57 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:58 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:47:58 | Computer Name = YVETTE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.12.2011 03:48:30 | Computer Name = YVETTE-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.12.2011 05:16:33 | Computer Name = YVETTE-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 13.04.2010 09:58:29 | Computer Name = YVETTE-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

[ System Events ]
Error - 04.12.2011 18:11:05 | Computer Name = YVETTE-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter
dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.

Error - 04.12.2011 18:11:50 | Computer Name = YVETTE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04.12.2011 18:11:50 | Computer Name = YVETTE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05.12.2011 03:46:36 | Computer Name = YVETTE-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
festgestellt.

Error - 05.12.2011 03:47:22 | Computer Name = YVETTE-PC | Source = DCOM | ID = 10005
Description =

Error - 05.12.2011 03:47:30 | Computer Name = YVETTE-PC | Source = DCOM | ID = 10005
Description =

Error - 05.12.2011 03:47:43 | Computer Name = YVETTE-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00242BF11C08 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%258. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 05.12.2011 03:47:49 | Computer Name = YVETTE-PC | Source = DCOM | ID = 10005
Description =

Error - 05.12.2011 03:48:31 | Computer Name = YVETTE-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.12.2011 03:48:31 | Computer Name = YVETTE-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Alt 05.12.2011, 14:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 06.12.2011, 00:58   #3
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hallo Arne,
vielen Dank, dass du dich meines Problems annimmst.

Hier die Logfiles von Malewarebytes und ESET:

Malwarebytes:
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8316

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

05.12.2011 17:26:52
mbam-log-2011-12-05 (17-26-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 296565
Laufzeit: 37 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{17D45C31-85D3-11DE-8282-806E6F6E6963} (Trojan.Agent.H) -> Value: {17D45C31-85D3-11DE-8282-806E6F6E6963} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\YVETTE\AppData\Roaming\microsoft\svhcost.exe (Trojan.Agent.H) -> No action taken.
c:\program files\dsl connection manager\AccTerm.exe (Trojan.Downloader.ic) -> No action taken.
c:\Users\YVETTE\AppData\Local\Temp\0.9798558238065374.exe (Trojan.Agent.H) -> No action taken.
c:\Users\YVETTE\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40\133217a8-5a3b8329 (Trojan.Agent.H) -> No action taken.
ESET:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=941402c3695f20459b9d53c21c8e7a32
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-05 11:51:30
# local_time=2011-12-06 12:51:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 94 117247 59661785 162234 0
# compatibility_mode=5892 16776573 100 100 4169 160657692 0 0
# compatibility_mode=8192 67108863 100 0 3729 3729 0 0
# scanned=144348
# found=1
# cleaned=0
# scan_time=4126
C:\Users\YVETTE\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001e7 JS/Kryptik.AW.Gen trojan (unable to clean) 00000000000000000000000000000000 I
__________________

Alt 06.12.2011, 08:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 13:15   #5
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hab die Funde mit Malwarebytes entfernt:
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8321

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

06.12.2011 11:19:53
mbam-log-2011-12-06 (11-19-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 296956
Laufzeit: 37 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{17D45C31-85D3-11DE-8282-806E6F6E6963} (Trojan.Agent.H) -> Value: {17D45C31-85D3-11DE-8282-806E6F6E6963} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\YVETTE\AppData\Roaming\microsoft\svhcost.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\program files\dsl connection manager\AccTerm.exe (Trojan.Downloader.ic) -> Quarantined and deleted successfully.
c:\Users\YVETTE\AppData\Local\Temp\0.9798558238065374.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\YVETTE\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40\133217a8-5a3b8329 (Trojan.Agent.H) -> Quarantined and deleted successfully.
ESET findet aber noch einen Trojaner:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=941402c3695f20459b9d53c21c8e7a32
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-05 11:51:30
# local_time=2011-12-06 12:51:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 94 117247 59661785 162234 0
# compatibility_mode=5892 16776573 100 100 4169 160657692 0 0
# compatibility_mode=8192 67108863 100 0 3729 3729 0 0
# scanned=144348
# found=1
# cleaned=0
# scan_time=4126
C:\Users\YVETTE\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001e7 JS/Kryptik.AW.Gen trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=941402c3695f20459b9d53c21c8e7a32
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 11:40:59
# local_time=2011-12-06 12:40:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 94 159842 59704380 204829 0
# compatibility_mode=5892 16776573 100 100 4185 160700287 0 0
# compatibility_mode=8192 67108863 100 0 46324 46324 0 0
# scanned=144409
# found=1
# cleaned=0
# scan_time=4099
C:\Users\YVETTE\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001e7 JS/Kryptik.AW.Gen trojan (unable to clean) 00000000000000000000000000000000 I


Alt 06.12.2011, 13:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung

Alt 06.12.2011, 14:54   #7
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hier der Inhalt der OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.12.2011 14:10:52 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\YVETTE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,93% Memory free
6,13 Gb Paging File | 5,84 Gb Available in Paging File | 95,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 205,87 Gb Free Space | 71,43% Space Free | Partition Type: NTFS
 
Computer Name: YVETTE-PC | User Name: YVETTE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\YVETTE\Desktop\OTL.exe (OldTimer Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) --  File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.05 09:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 09:08:39 | 000,000,000 | ---D | M]
 
[2010.05.07 15:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Extensions
[2011.12.05 09:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions
[2010.05.07 15:25:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.05 09:05:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.05 08:56:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.13 15:46:55 | 000,000,000 | ---D | M] (vShare) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar
[2010.11.13 15:47:26 | 000,001,583 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Mozilla\Firefox\Profiles\oqjvbyxp.default\searchplugins\web-search.xml
[2011.12.05 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DSLCoMan] C:\Program Files\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EE1B83-C4F3-44A3-8E60-1E3C011B58BE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1EC8ABF-FA11-4324-8D15-4E7AA4EAC517}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB88951-945D-4CFC-B9DA-725BBC986932}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 11:28:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\YVETTE\Desktop\esetsmartinstaller_enu.exe
[2011.12.05 23:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.05 09:27:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:27:32 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\Malwarebytes
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.05 09:27:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.05 09:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.05 09:20:10 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Local\Secunia PSI
[2011.12.05 09:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.27 20:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.06 14:10:51 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 14:10:51 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 14:10:51 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 14:10:51 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.06 14:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 11:31:23 | 000,001,356 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2011.12.06 11:28:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\YVETTE\Desktop\esetsmartinstaller_enu.exe
[2011.12.05 10:28:25 | 219,859,769 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.05 09:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:20:04 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:08:40 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 23:20:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 23:20:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 23:20:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.04 23:14:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 23:11:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 23:02:15 | 000,422,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.27 22:25:36 | 000,057,344 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.27 20:53:59 | 000,092,834 | ---- | M] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.05 09:20:04 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:20:04 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.12.05 09:08:40 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.27 20:53:58 | 000,092,834 | ---- | C] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[2011.11.27 20:52:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.20 15:38:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.12.08 14:45:52 | 000,001,356 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2009.10.26 21:12:24 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.22 20:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.22 20:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.14 16:32:22 | 000,000,906 | ---- | C] () -- C:\Users\YVETTE\AppData\Roaming\wklnhst.dat
[2009.08.11 20:45:40 | 000,057,344 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 13:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.29 17:13:34 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,422,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.08.23 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\COWON
[2010.04.05 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DAEMON Tools Lite
[2011.12.04 23:04:26 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Dropbox
[2011.05.18 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC
[2011.05.18 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.09.18 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ICQ
[2010.12.02 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InterVideo
[2009.11.01 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\OpenOffice.org
[2011.11.27 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2009.11.01 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Template
[2009.09.13 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent
[2011.12.04 23:20:54 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.18 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Adobe
[2010.08.07 12:39:59 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Apple Computer
[2009.08.15 17:08:47 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ArcSoft
[2009.08.10 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ATI
[2011.03.25 09:13:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Avira
[2009.08.23 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\COWON
[2010.04.05 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DAEMON Tools Lite
[2011.02.15 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DivX
[2011.12.04 23:04:26 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Dropbox
[2009.08.10 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Google
[2009.08.23 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Hamachi
[2011.05.18 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC
[2011.05.18 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.09.18 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ICQ
[2009.08.10 19:49:11 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Identities
[2009.08.23 12:26:38 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InstallShield
[2010.12.02 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InterVideo
[2009.08.13 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Macromedia
[2011.12.05 09:27:32 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Media Center Programs
[2011.12.06 11:19:53 | 000,000,000 | --SD | M] -- C:\Users\YVETTE\AppData\Roaming\Microsoft
[2010.05.07 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Mozilla
[2009.11.01 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\OpenOffice.org
[2011.11.27 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2010.10.07 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Sony Corporation
[2009.11.01 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Template
[2009.09.13 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.05.18 19:41:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\YVETTE\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.25 09:52:51 | 000,010,134 | R--- | M] () -- C:\Users\YVETTE\AppData\Roaming\Microsoft\Installer\{430DD2C5-65FD-9781-F9F2-693CAF05CD10}\ARPPRODUCTICON.exe
[2009.01.14 10:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 11:44:48 | 000,030,160 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 11:44:55 | 000,251,344 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 11:45:08 | 000,693,712 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 11:45:05 | 001,091,024 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 11:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 07:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 11:45:11 | 000,296,400 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 11:45:15 | 000,243,152 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

Alt 06.12.2011, 14:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Zitat:
Boot Mode: SafeMode with Networking
Wieso bist du im abgesicherten Modus? Geht der normale Modus immer immer noch nicht oder hat das einen anderen Grund?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 15:00   #9
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Ich hab den normalen Modus bisher noch nicht wieder ausprobiert, weil der vorher wegen des Trojaners nicht ging und ESET ja noch einen Trojaner gefunden hat, der noch nicht entfernt werden konnte.
Soll ich den OTL-Scan im normalen Modus wiederholen (falls der wieder funktioniert)?

Alt 06.12.2011, 15:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Ja ausprobieren
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 16:12   #11
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Normaler Modus funktioniert.
Hier das Ergebnis vom OTL-Scan:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.12.2011 15:18:18 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\YVETTE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 56,44% Memory free
6,16 Gb Paging File | 4,65 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 202,05 Gb Free Space | 70,10% Space Free | Partition Type: NTFS
 
Computer Name: YVETTE-PC | User Name: YVETTE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\YVETTE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) --  File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.05 09:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 09:08:39 | 000,000,000 | ---D | M]
 
[2010.05.07 15:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Extensions
[2011.12.05 09:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions
[2010.05.07 15:25:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.05 09:05:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.05 08:56:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.13 15:46:55 | 000,000,000 | ---D | M] (vShare) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar
[2010.11.13 15:47:26 | 000,001,583 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Mozilla\Firefox\Profiles\oqjvbyxp.default\searchplugins\web-search.xml
[2011.12.06 15:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.06 15:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DSLCoMan] C:\Program Files\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EE1B83-C4F3-44A3-8E60-1E3C011B58BE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1EC8ABF-FA11-4324-8D15-4E7AA4EAC517}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB88951-945D-4CFC-B9DA-725BBC986932}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\YVETTE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 15:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.06 11:28:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\YVETTE\Desktop\esetsmartinstaller_enu.exe
[2011.12.05 23:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.05 09:27:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:27:32 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\Malwarebytes
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.05 09:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.05 09:27:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.05 09:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.05 09:20:10 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Local\Secunia PSI
[2011.12.05 09:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.05 09:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.27 20:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.06 15:14:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.06 15:12:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 15:12:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 15:12:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.06 15:12:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 15:05:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 15:04:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 15:04:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.06 15:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 15:04:22 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.06 11:31:23 | 000,001,356 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2011.12.06 11:28:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\YVETTE\Desktop\esetsmartinstaller_enu.exe
[2011.12.05 10:28:25 | 219,859,769 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.05 09:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\YVETTE\Desktop\OTL.exe
[2011.12.05 09:20:04 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:08:40 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 23:20:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.04 23:02:15 | 000,422,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.27 22:25:36 | 000,057,344 | ---- | M] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.27 20:53:59 | 000,092,834 | ---- | M] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[1 C:\Users\YVETTE\Documents\*.tmp files -> C:\Users\YVETTE\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.06 15:04:22 | 3186,659,328 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.05 09:20:04 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.12.05 09:20:04 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.12.05 09:08:40 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.27 20:53:58 | 000,092,834 | ---- | C] () -- C:\Users\YVETTE\Documents\Zensus Übertragungsbestätigung.pdf
[2011.11.27 20:52:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.20 15:38:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.12.08 14:45:52 | 000,001,356 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\d3d9caps.dat
[2009.10.26 21:12:24 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.22 20:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.22 20:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.14 16:32:22 | 000,000,906 | ---- | C] () -- C:\Users\YVETTE\AppData\Roaming\wklnhst.dat
[2009.08.11 20:45:40 | 000,057,344 | ---- | C] () -- C:\Users\YVETTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 13:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.29 17:13:34 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,422,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.08.23 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\COWON
[2010.04.05 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DAEMON Tools Lite
[2011.12.06 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Dropbox
[2011.05.18 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC
[2011.05.18 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.09.18 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ICQ
[2010.12.02 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InterVideo
[2009.11.01 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\OpenOffice.org
[2011.11.27 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2009.11.01 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Template
[2009.09.13 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent
[2011.12.04 23:20:54 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.18 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Adobe
[2010.08.07 12:39:59 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Apple Computer
[2009.08.15 17:08:47 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ArcSoft
[2009.08.10 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ATI
[2011.03.25 09:13:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Avira
[2009.08.23 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\COWON
[2010.04.05 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DAEMON Tools Lite
[2011.02.15 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\DivX
[2011.12.06 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Dropbox
[2009.08.10 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Google
[2009.08.23 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Hamachi
[2011.05.18 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC
[2011.05.18 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.09.18 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\ICQ
[2009.08.10 19:49:11 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Identities
[2009.08.23 12:26:38 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InstallShield
[2010.12.02 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\InterVideo
[2009.08.13 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Macromedia
[2011.12.05 09:27:32 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Media Center Programs
[2011.12.06 11:19:53 | 000,000,000 | --SD | M] -- C:\Users\YVETTE\AppData\Roaming\Microsoft
[2010.05.07 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Mozilla
[2009.11.01 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\OpenOffice.org
[2011.11.27 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
[2010.10.07 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Sony Corporation
[2009.11.01 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Template
[2009.09.13 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\YVETTE\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.05.18 19:41:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\YVETTE\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.25 09:52:51 | 000,010,134 | R--- | M] () -- C:\Users\YVETTE\AppData\Roaming\Microsoft\Installer\{430DD2C5-65FD-9781-F9F2-693CAF05CD10}\ARPPRODUCTICON.exe
[2009.01.14 10:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 11:44:48 | 000,030,160 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 11:44:55 | 000,251,344 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 11:45:08 | 000,693,712 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 11:45:05 | 001,091,024 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 11:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 07:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 11:45:11 | 000,296,400 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 11:45:15 | 000,243,152 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.05 14:36:48 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
         
--- --- ---

Alt 06.12.2011, 18:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.de/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
[2010.11.13 15:46:55 | 000,000,000 | ---D | M] (vShare) -- C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar
[2010.11.13 15:47:26 | 000,001,583 | ---- | M] () -- C:\Users\YVETTE\AppData\Roaming\Mozilla\Firefox\Profiles\oqjvbyxp.default\searchplugins\web-search.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell - "" = AutoRun
O33 - MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2011.11.27 20:52:45 | 000,000,000 | ---D | C] -- C:\Users\YVETTE\AppData\Roaming\pdfforge
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 19:48   #13
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hab den Fix ausgeführt.
Hier ist das Logfile:
Zitat:
All processes killed
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\mozilla\Firefox\Profiles\oqjvbyxp.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\Mozilla\Firefox\Profiles\oqjvbyxp.default\searchplugins\web-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cbc72e4-9fba-11de-88bf-806e6f6e6963}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b396e0c-85e4-11de-9d79-001dbaf1d643}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b396e25-85e4-11de-9d79-001dbaf1d643}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b396e25-85e4-11de-9d79-001dbaf1d643}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b396e25-85e4-11de-9d79-001dbaf1d643}\ not found.
File G:\AutoRun.exe not found.
C:\Users\YVETTE\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\YVETTE\AppData\Roaming\pdfforge folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: YVETTE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 500458398 bytes
->Java cache emptied: 2990722 bytes
->FireFox cache emptied: 50570857 bytes
->Google Chrome cache emptied: 52733277 bytes
->Flash cache emptied: 160288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172536727 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 743,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_192321

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 06.12.2011, 20:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 22:57   #15
Crack1985
 
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Standard

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung



Hier das Log vom TDSS-Killer:
Zitat:
22:50:03.0200 4640 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:50:03.0528 4640 ============================================================
22:50:03.0528 4640 Current date / time: 2011/12/06 22:50:03.0528
22:50:03.0528 4640 SystemInfo:
22:50:03.0528 4640
22:50:03.0528 4640 OS Version: 6.0.6002 ServicePack: 2.0
22:50:03.0528 4640 Product type: Workstation
22:50:03.0528 4640 ComputerName: YVETTE-PC
22:50:03.0528 4640 UserName: YVETTE
22:50:03.0528 4640 Windows directory: C:\Windows
22:50:03.0528 4640 System windows directory: C:\Windows
22:50:03.0528 4640 Processor architecture: Intel x86
22:50:03.0528 4640 Number of processors: 2
22:50:03.0528 4640 Page size: 0x1000
22:50:03.0528 4640 Boot type: Normal boot
22:50:03.0528 4640 ============================================================
22:50:04.0230 4640 Initialize success
22:50:28.0036 2052 ============================================================
22:50:28.0036 2052 Scan started
22:50:28.0036 2052 Mode: Manual; SigCheck; TDLFS;
22:50:28.0036 2052 ============================================================
22:50:29.0112 2052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:50:29.0252 2052 ACPI - ok
22:50:29.0455 2052 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:50:29.0596 2052 adp94xx - ok
22:50:29.0892 2052 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:50:29.0908 2052 adpahci - ok
22:50:30.0110 2052 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:50:30.0142 2052 adpu160m - ok
22:50:30.0360 2052 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:50:30.0391 2052 adpu320 - ok
22:50:30.0672 2052 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:50:30.0812 2052 AFD - ok
22:50:31.0187 2052 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:50:31.0218 2052 agp440 - ok
22:50:31.0265 2052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:50:31.0296 2052 aic78xx - ok
22:50:31.0421 2052 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:50:31.0452 2052 aliide - ok
22:50:31.0592 2052 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:50:31.0670 2052 amdagp - ok
22:50:31.0826 2052 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:50:31.0858 2052 amdide - ok
22:50:31.0951 2052 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:50:32.0060 2052 AmdK7 - ok
22:50:32.0326 2052 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:50:32.0497 2052 AmdK8 - ok
22:50:32.0996 2052 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:50:33.0059 2052 arc - ok
22:50:33.0214 2052 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:50:33.0234 2052 arcsas - ok
22:50:33.0494 2052 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
22:50:33.0604 2052 ArcSoftKsUFilter - ok
22:50:33.0864 2052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:50:33.0971 2052 AsyncMac - ok
22:50:34.0131 2052 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
22:50:34.0166 2052 atapi - ok
22:50:34.0259 2052 athr (1ea05449220e3d755477ce517a83846b) C:\Windows\system32\DRIVERS\athr.sys
22:50:34.0404 2052 athr - ok
22:50:34.0929 2052 atikmdag (71c98afef4bf7a5bb54cbaaddb5d7972) C:\Windows\system32\DRIVERS\atikmdag.sys
22:50:35.0793 2052 atikmdag - ok
22:50:36.0246 2052 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:50:36.0293 2052 avgntflt - ok
22:50:36.0542 2052 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:50:36.0589 2052 avipbb - ok
22:50:36.0932 2052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:50:37.0041 2052 Beep - ok
22:50:37.0369 2052 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:50:37.0431 2052 blbdrive - ok
22:50:37.0650 2052 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:50:37.0728 2052 bowser - ok
22:50:37.0931 2052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:50:37.0993 2052 BrFiltLo - ok
22:50:38.0430 2052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:50:38.0492 2052 BrFiltUp - ok
22:50:38.0711 2052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:50:38.0835 2052 Brserid - ok
22:50:39.0023 2052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:50:39.0179 2052 BrSerWdm - ok
22:50:39.0549 2052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:50:39.0719 2052 BrUsbMdm - ok
22:50:39.0959 2052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:50:40.0079 2052 BrUsbSer - ok
22:50:40.0419 2052 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:50:40.0479 2052 BthEnum - ok
22:50:40.0839 2052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:50:40.0939 2052 BTHMODEM - ok
22:50:41.0423 2052 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:50:41.0688 2052 BthPan - ok
22:50:42.0115 2052 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:50:42.0443 2052 BTHPORT - ok
22:50:42.0739 2052 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:50:42.0833 2052 BTHUSB - ok
22:50:43.0223 2052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:50:43.0270 2052 cdfs - ok
22:50:44.0175 2052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:50:44.0315 2052 cdrom - ok
22:50:44.0674 2052 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:50:44.0767 2052 circlass - ok
22:50:45.0142 2052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:50:45.0235 2052 CLFS - ok
22:50:45.0922 2052 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:50:46.0000 2052 CmBatt - ok
22:50:46.0483 2052 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:50:46.0499 2052 cmdide - ok
22:50:46.0655 2052 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:50:46.0686 2052 Compbatt - ok
22:50:47.0123 2052 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:50:47.0170 2052 crcdisk - ok
22:50:47.0451 2052 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:50:47.0529 2052 Crusoe - ok
22:50:48.0168 2052 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:50:48.0231 2052 DfsC - ok
22:50:48.0496 2052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:50:48.0589 2052 disk - ok
22:50:48.0901 2052 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
22:50:48.0964 2052 DMICall - ok
22:50:49.0229 2052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:50:49.0276 2052 drmkaud - ok
22:50:49.0650 2052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:50:49.0713 2052 DXGKrnl - ok
22:50:50.0040 2052 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:50:50.0134 2052 E1G60 - ok
22:50:50.0352 2052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:50:50.0493 2052 Ecache - ok
22:50:50.0758 2052 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:50:50.0867 2052 elxstor - ok
22:50:51.0257 2052 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:50:51.0335 2052 ErrDev - ok
22:50:51.0569 2052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:50:51.0663 2052 exfat - ok
22:50:51.0912 2052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:50:51.0975 2052 fastfat - ok
22:50:52.0255 2052 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:50:52.0333 2052 fdc - ok
22:50:52.0505 2052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:50:52.0521 2052 FileInfo - ok
22:50:52.0567 2052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:50:52.0645 2052 Filetrace - ok
22:50:52.0677 2052 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:50:52.0755 2052 flpydisk - ok
22:50:53.0176 2052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:50:53.0223 2052 FltMgr - ok
22:50:53.0332 2052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:50:53.0379 2052 Fs_Rec - ok
22:50:53.0503 2052 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:50:53.0519 2052 gagp30kx - ok
22:50:53.0597 2052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:50:53.0628 2052 GEARAspiWDM - ok
22:50:53.0893 2052 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
22:50:53.0956 2052 hamachi - ok
22:50:54.0081 2052 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:50:54.0221 2052 HdAudAddService - ok
22:50:54.0611 2052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:50:54.0720 2052 HDAudBus - ok
22:50:55.0001 2052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:50:55.0110 2052 HidBth - ok
22:50:55.0313 2052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:50:55.0407 2052 HidIr - ok
22:50:55.0578 2052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:50:55.0656 2052 HidUsb - ok
22:50:55.0999 2052 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:50:56.0046 2052 HpCISSs - ok
22:50:56.0155 2052 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:50:56.0296 2052 HSFHWAZL - ok
22:50:56.0389 2052 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:50:56.0514 2052 HSF_DPV - ok
22:50:56.0701 2052 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:50:56.0733 2052 HSXHWAZL - ok
22:50:56.0842 2052 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
22:50:56.0904 2052 HTCAND32 - ok
22:50:56.0982 2052 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
22:50:57.0045 2052 htcnprot - ok
22:50:57.0185 2052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:50:57.0294 2052 HTTP - ok
22:50:57.0419 2052 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:50:57.0528 2052 hwdatacard - ok
22:50:57.0575 2052 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:50:57.0622 2052 i2omp - ok
22:50:57.0731 2052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:50:57.0762 2052 i8042prt - ok
22:50:58.0027 2052 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:50:58.0059 2052 iaStor - ok
22:50:58.0464 2052 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:50:58.0511 2052 iaStorV - ok
22:50:58.0589 2052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:50:58.0605 2052 iirsp - ok
22:50:59.0010 2052 IntcAzAudAddService (3aa1f82efa2b0454af163124c9920d16) C:\Windows\system32\drivers\RTKVHDA.sys
22:50:59.0260 2052 IntcAzAudAddService - ok
22:50:59.0431 2052 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:50:59.0463 2052 intelide - ok
22:50:59.0587 2052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:50:59.0650 2052 intelppm - ok
22:50:59.0743 2052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:59.0790 2052 IpFilterDriver - ok
22:50:59.0853 2052 IpInIp - ok
22:50:59.0977 2052 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:51:00.0055 2052 IPMIDRV - ok
22:51:00.0180 2052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:51:00.0243 2052 IPNAT - ok
22:51:00.0539 2052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:51:00.0601 2052 IRENUM - ok
22:51:00.0945 2052 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:51:00.0991 2052 isapnp - ok
22:51:01.0179 2052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:51:01.0194 2052 iScsiPrt - ok
22:51:01.0257 2052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:51:01.0272 2052 iteatapi - ok
22:51:01.0335 2052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:51:01.0366 2052 iteraid - ok
22:51:01.0428 2052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:01.0444 2052 kbdclass - ok
22:51:01.0491 2052 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:51:01.0537 2052 kbdhid - ok
22:51:01.0600 2052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:51:01.0693 2052 KSecDD - ok
22:51:01.0787 2052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:01.0849 2052 lltdio - ok
22:51:01.0943 2052 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:51:01.0974 2052 LSI_FC - ok
22:51:02.0021 2052 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:51:02.0052 2052 LSI_SAS - ok
22:51:02.0224 2052 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:51:02.0271 2052 LSI_SCSI - ok
22:51:02.0380 2052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:51:02.0442 2052 luafv - ok
22:51:02.0489 2052 MBAMSwissArmy - ok
22:51:02.0629 2052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:51:02.0661 2052 mdmxsdk - ok
22:51:02.0723 2052 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:51:02.0754 2052 megasas - ok
22:51:02.0817 2052 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:51:02.0895 2052 MegaSR - ok
22:51:03.0051 2052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:51:03.0097 2052 Modem - ok
22:51:03.0160 2052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:51:03.0207 2052 monitor - ok
22:51:03.0253 2052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:03.0285 2052 mouclass - ok
22:51:03.0378 2052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:03.0472 2052 mouhid - ok
22:51:03.0534 2052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:51:03.0565 2052 MountMgr - ok
22:51:03.0643 2052 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:51:03.0659 2052 mpio - ok
22:51:03.0737 2052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:51:03.0784 2052 mpsdrv - ok
22:51:03.0893 2052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:51:03.0909 2052 Mraid35x - ok
22:51:04.0018 2052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:51:04.0080 2052 MRxDAV - ok
22:51:04.0174 2052 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:04.0205 2052 mrxsmb - ok
22:51:04.0361 2052 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:04.0408 2052 mrxsmb10 - ok
22:51:04.0517 2052 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:04.0548 2052 mrxsmb20 - ok
22:51:04.0642 2052 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:51:04.0657 2052 msahci - ok
22:51:04.0689 2052 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:51:04.0735 2052 msdsm - ok
22:51:04.0798 2052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:51:04.0829 2052 Msfs - ok
22:51:04.0954 2052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:51:04.0969 2052 msisadrv - ok
22:51:05.0063 2052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:05.0110 2052 MSKSSRV - ok
22:51:05.0157 2052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:05.0219 2052 MSPCLOCK - ok
22:51:05.0328 2052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:51:05.0391 2052 MSPQM - ok
22:51:05.0531 2052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:51:05.0547 2052 MsRPC - ok
22:51:05.0609 2052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:51:05.0640 2052 mssmbios - ok
22:51:05.0687 2052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:51:05.0749 2052 MSTEE - ok
22:51:05.0874 2052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:51:05.0921 2052 Mup - ok
22:51:06.0015 2052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:06.0061 2052 NativeWifiP - ok
22:51:06.0264 2052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:51:06.0295 2052 NDIS - ok
22:51:06.0342 2052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:06.0405 2052 NdisTapi - ok
22:51:06.0498 2052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:06.0607 2052 Ndisuio - ok
22:51:06.0701 2052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:06.0763 2052 NdisWan - ok
22:51:06.0873 2052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:51:06.0935 2052 NDProxy - ok
22:51:06.0982 2052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:51:07.0044 2052 NetBIOS - ok
22:51:07.0231 2052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:51:07.0278 2052 netbt - ok
22:51:07.0403 2052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:51:07.0419 2052 nfrd960 - ok
22:51:07.0575 2052 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\Windows\system32\drivers\npf.sys
22:51:07.0590 2052 NPF - ok
22:51:07.0762 2052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:51:07.0824 2052 Npfs - ok
22:51:07.0965 2052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:51:08.0043 2052 nsiproxy - ok
22:51:08.0464 2052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:51:08.0573 2052 Ntfs - ok
22:51:08.0745 2052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:51:08.0823 2052 ntrigdigi - ok
22:51:08.0916 2052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:51:08.0979 2052 Null - ok
22:51:09.0228 2052 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:51:09.0291 2052 nvraid - ok
22:51:09.0353 2052 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:51:09.0384 2052 nvstor - ok
22:51:09.0462 2052 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:51:09.0478 2052 nv_agp - ok
22:51:09.0509 2052 NwlnkFlt - ok
22:51:09.0540 2052 NwlnkFwd - ok
22:51:09.0665 2052 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:51:09.0727 2052 ohci1394 - ok
22:51:09.0837 2052 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:51:09.0946 2052 Parport - ok
22:51:10.0039 2052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:51:10.0102 2052 partmgr - ok
22:51:10.0273 2052 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:51:10.0367 2052 Parvdm - ok
22:51:10.0507 2052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:51:10.0539 2052 pci - ok
22:51:10.0601 2052 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:51:10.0679 2052 pciide - ok
22:51:10.0741 2052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:51:10.0773 2052 pcmcia - ok
22:51:10.0897 2052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:51:11.0053 2052 PEAUTH - ok
22:51:11.0272 2052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:51:11.0350 2052 PptpMiniport - ok
22:51:11.0443 2052 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:51:11.0490 2052 Processor - ok
22:51:11.0599 2052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:51:11.0662 2052 PSched - ok
22:51:11.0740 2052 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
22:51:11.0755 2052 PSI - ok
22:51:11.0802 2052 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
22:51:11.0833 2052 PxHelp20 - ok
22:51:11.0943 2052 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:51:12.0114 2052 ql2300 - ok
22:51:12.0239 2052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:51:12.0270 2052 ql40xx - ok
22:51:12.0317 2052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:51:12.0395 2052 QWAVEdrv - ok
22:51:12.0504 2052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:51:12.0613 2052 RasAcd - ok
22:51:12.0723 2052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:12.0816 2052 Rasl2tp - ok
22:51:12.0925 2052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:51:12.0972 2052 RasPppoe - ok
22:51:13.0113 2052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:51:13.0144 2052 RasSstp - ok
22:51:13.0284 2052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:51:13.0315 2052 rdbss - ok
22:51:13.0409 2052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:51:13.0487 2052 RDPCDD - ok
22:51:13.0549 2052 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:51:13.0596 2052 rdpdr - ok
22:51:13.0752 2052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:51:13.0830 2052 RDPENCDD - ok
22:51:14.0017 2052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:51:14.0080 2052 RDPWD - ok
22:51:14.0173 2052 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
22:51:14.0220 2052 regi - ok
22:51:14.0329 2052 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:51:14.0361 2052 RFCOMM - ok
22:51:14.0439 2052 rimsptsk (f7d9ecf41ebd3cf6c65944368150f66b) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:51:14.0485 2052 rimsptsk - ok
22:51:14.0579 2052 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys
22:51:14.0610 2052 risdptsk - ok
22:51:14.0688 2052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:51:14.0735 2052 rspndr - ok
22:51:14.0797 2052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:51:14.0829 2052 sbp2port - ok
22:51:14.0985 2052 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
22:51:15.0078 2052 sdbus - ok
22:51:15.0141 2052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:51:15.0250 2052 secdrv - ok
22:51:15.0343 2052 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:51:15.0421 2052 Serenum - ok
22:51:15.0484 2052 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:51:15.0577 2052 Serial - ok
22:51:15.0671 2052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:51:15.0733 2052 sermouse - ok
22:51:15.0843 2052 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
22:51:15.0889 2052 SFEP - ok
22:51:15.0952 2052 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:51:16.0045 2052 sffdisk - ok
22:51:16.0139 2052 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:51:16.0201 2052 sffp_mmc - ok
22:51:16.0264 2052 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:51:16.0311 2052 sffp_sd - ok
22:51:16.0389 2052 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
22:51:16.0435 2052 sfloppy - ok
22:51:16.0545 2052 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:51:16.0576 2052 sisagp - ok
22:51:16.0638 2052 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:51:16.0669 2052 SiSRaid2 - ok
22:51:16.0716 2052 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:51:16.0747 2052 SiSRaid4 - ok
22:51:16.0841 2052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:51:16.0903 2052 Smb - ok
22:51:16.0997 2052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:51:17.0028 2052 spldr - ok
22:51:17.0309 2052 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
22:51:17.0309 2052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
22:51:17.0309 2052 sptd ( LockedFile.Multi.Generic ) - warning
22:51:17.0309 2052 sptd - detected LockedFile.Multi.Generic (1)
22:51:17.0418 2052 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:51:17.0449 2052 srv - ok
22:51:17.0574 2052 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:51:17.0621 2052 srv2 - ok
22:51:17.0761 2052 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:51:17.0824 2052 srvnet - ok
22:51:18.0027 2052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:51:18.0058 2052 ssmdrv - ok
22:51:18.0120 2052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:51:18.0136 2052 swenum - ok
22:51:18.0214 2052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:51:18.0229 2052 Symc8xx - ok
22:51:18.0292 2052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:51:18.0370 2052 Sym_hi - ok
22:51:18.0432 2052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:51:18.0448 2052 Sym_u3 - ok
22:51:18.0510 2052 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
22:51:18.0541 2052 SynTP - ok
22:51:18.0713 2052 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:51:18.0900 2052 Tcpip - ok
22:51:19.0087 2052 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:51:19.0134 2052 Tcpip6 - ok
22:51:19.0243 2052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:51:19.0321 2052 tcpipreg - ok
22:51:19.0462 2052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:51:19.0524 2052 TDPIPE - ok
22:51:19.0602 2052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:51:19.0696 2052 TDTCP - ok
22:51:19.0867 2052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:51:19.0914 2052 tdx - ok
22:51:20.0023 2052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:51:20.0055 2052 TermDD - ok
22:51:20.0179 2052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:51:20.0242 2052 tssecsrv - ok
22:51:20.0304 2052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:51:20.0335 2052 tunmp - ok
22:51:20.0413 2052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:51:20.0476 2052 tunnel - ok
22:51:20.0523 2052 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:51:20.0569 2052 uagp35 - ok
22:51:20.0725 2052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:51:20.0772 2052 udfs - ok
22:51:20.0850 2052 UIUSys - ok
22:51:20.0928 2052 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:51:20.0975 2052 uliagpkx - ok
22:51:21.0100 2052 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:51:21.0131 2052 uliahci - ok
22:51:21.0209 2052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:51:21.0240 2052 UlSata - ok
22:51:21.0303 2052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:51:21.0334 2052 ulsata2 - ok
22:51:21.0365 2052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:51:21.0412 2052 umbus - ok
22:51:21.0505 2052 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
22:51:21.0552 2052 USBAAPL - ok
22:51:21.0708 2052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:51:21.0771 2052 usbccgp - ok
22:51:21.0880 2052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:51:21.0973 2052 usbcir - ok
22:51:22.0083 2052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:51:22.0129 2052 usbehci - ok
22:51:22.0239 2052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:51:22.0301 2052 usbhub - ok
22:51:22.0379 2052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:51:22.0488 2052 usbohci - ok
22:51:22.0613 2052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:51:22.0660 2052 usbprint - ok
22:51:22.0738 2052 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:51:22.0800 2052 usbscan - ok
22:51:22.0925 2052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:51:23.0003 2052 USBSTOR - ok
22:51:23.0050 2052 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:51:23.0128 2052 usbuhci - ok
22:51:23.0253 2052 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:51:23.0331 2052 usbvideo - ok
22:51:23.0409 2052 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
22:51:23.0471 2052 usb_rndisx - ok
22:51:23.0643 2052 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:51:23.0721 2052 vga - ok
22:51:23.0767 2052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:51:23.0814 2052 VgaSave - ok
22:51:23.0923 2052 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:51:23.0939 2052 viaagp - ok
22:51:23.0986 2052 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:51:24.0033 2052 ViaC7 - ok
22:51:24.0111 2052 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:51:24.0142 2052 viaide - ok
22:51:24.0251 2052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:51:24.0282 2052 volmgr - ok
22:51:24.0391 2052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:51:24.0438 2052 volmgrx - ok
22:51:24.0594 2052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:51:24.0641 2052 volsnap - ok
22:51:24.0735 2052 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:51:24.0766 2052 vsmraid - ok
22:51:24.0859 2052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:51:24.0937 2052 WacomPen - ok
22:51:25.0031 2052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:25.0078 2052 Wanarp - ok
22:51:25.0109 2052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:25.0140 2052 Wanarpv6 - ok
22:51:25.0265 2052 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:51:25.0296 2052 Wd - ok
22:51:25.0359 2052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:51:25.0421 2052 Wdf01000 - ok
22:51:25.0530 2052 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:51:25.0561 2052 WimFltr - ok
22:51:25.0702 2052 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:51:25.0795 2052 winachsf - ok
22:51:25.0998 2052 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:51:26.0107 2052 WmiAcpi - ok
22:51:26.0185 2052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:51:26.0232 2052 ws2ifsl - ok
22:51:26.0357 2052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:51:26.0419 2052 WUDFRd - ok
22:51:26.0482 2052 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
22:51:26.0529 2052 XAudio - ok
22:51:26.0653 2052 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
22:51:26.0747 2052 yukonwlh - ok
22:51:26.0809 2052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:51:27.0075 2052 \Device\Harddisk0\DR0 - ok
22:51:27.0075 2052 Boot (0x1200) (4f9c9023db902c05a6414596105d8046) \Device\Harddisk0\DR0\Partition0
22:51:27.0090 2052 \Device\Harddisk0\DR0\Partition0 - ok
22:51:27.0090 2052 ============================================================
22:51:27.0090 2052 Scan finished
22:51:27.0090 2052 ============================================================
22:51:27.0106 1144 Detected object count: 1
22:51:27.0106 1144 Actual detected object count: 1
22:54:26.0646 1144 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:54:26.0646 1144 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Die Eigenen Dateien und Dokumente sind zum Glück alle sichtbar

Antwort

Themen zu "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung
adblock, aus sicherheitsgründen wurde ihr windowssystem blockiert, autorun, avira, bho, bildschirm, blockiert, bonjour, c:\windows\system32\rundll32.exe, converter, defender, excel.exe, explorer, fehler, firefox, format, google chrome, home, install.exe, intranet, microsoft office word, mp3, netzwerk, nicht gefunden, office 2007, realtek, registry, required, rundll, sched.exe, secunia psi, security, security update, senden, siteadvisor, software, svchost.exe, trojaner, trojaner eingefangen, version=1.0, vista, windowssystem blockiert, wurde ihr, zahlungsaufforderung



Ähnliche Themen: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung


  1. Virus: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert", OTL ausgeführt, was nun?
    Log-Analyse und Auswertung - 08.04.2012 (5)
  2. Schwarzer Bildschirm, Deutschlandflagge, "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 04.04.2012 (9)
  3. Meldung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert", wie bei anderen.
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (2)
  4. BKA-Trojaner: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 04.03.2012 (6)
  5. "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - Virus, nun auch bei mir!
    Log-Analyse und Auswertung - 13.02.2012 (22)
  6. Zahlungsaufforderung durch Avira Virenscanner, "Ihr Windowssystem wurde blockiert"
    Log-Analyse und Auswertung - 10.02.2012 (3)
  7. Zusatzproblem mit Virus: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 09.02.2012 (5)
  8. "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT
    Log-Analyse und Auswertung - 06.02.2012 (23)
  9. "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" OTLogfile im Anhang
    Log-Analyse und Auswertung - 26.01.2012 (1)
  10. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem Blockiert, "Bezahlen nd Downloaden"
    Log-Analyse und Auswertung - 23.01.2012 (3)
  11. Windows 7 blockiert! Achtung! "Aus Sicherheitsgründen wurde ihr windowssystem blockiert"
    Log-Analyse und Auswertung - 17.01.2012 (8)
  12. Trojaner: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 09.01.2012 (24)
  13. TROJANER - "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 06.01.2012 (11)
  14. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert ... "bezahlen und runterladen"
    Log-Analyse und Auswertung - 05.01.2012 (9)
  15. "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" logfile mbam-log-2011-12-08 (08-08-36).tx
    Log-Analyse und Auswertung - 08.12.2011 (1)
  16. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Hilfe
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (18)
  17. roter Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 24.10.2011 (47)

Zum Thema "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung - Hallo liebe Forenuser, meine Freundin hat sich gestern den Trojaner eingefangen, von dem hier in den letzten Tagen schon mehrfach berichtet worden ist. Nach dem Hochfahren des Laptops wird der - "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung...
Archiv
Du betrachtest: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" & Zahlungsaufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.