| |
| |||||||
Log-Analyse und Auswertung: 50 Euro VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
30.03.2012, 13:23
| #1 |
| |  50 Euro Virus Hi zusammen, Ich bin noch neu hier, habe folgenden Virus, der auch in einem anderen Thread beschrieben wird: Normaler Systemstart - sofortige Einblendung eines Fensters, in dem ich darauf hingewiesen werde, das ich zuviel pronografische Inhalte geladen hätte etc. und eine Schaltfläche bezahlen, dazu Logos von Microsoft, Kaspersky, McAfee - Taskmanager funktioniert wie alles andere auch nicht. Ich kam dann auf dieses Forum, habe mir die otl heruntergeladen und laufen lassen. Hier sind die Inhalte der Extras.txt sowie otl.txt OTL.txt OTL logfile created on: 30.03.2012 13:55:46 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Pedda\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 85,49% Memory free 5,93 Gb Paging File | 5,52 Gb Available in Paging File | 93,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,04 Gb Total Space | 320,05 Gb Free Space | 70,65% Space Free | Partition Type: NTFS Drive I: | 14,94 Gb Total Space | 3,86 Gb Free Space | 25,81% Space Free | Partition Type: FAT32 Computer Name: PEDDA-PC | User Name: Pedda | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.30 13:47:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Pedda\Downloads\OTL.exe PRC - [2012.03.30 13:31:52 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2011.11.22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2012.03.30 13:31:52 | 000,159,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012.01.13 16:33:28 | 000,250,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TwonkyMedia\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.01.13 16:33:22 | 000,512,840 | ---- | M] (PacketVideo) [Auto | Stopped] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.23 15:35:34 | 001,086,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.06 11:50:48 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.06.26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.06.26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.11 14:54:08 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2009.01.24 11:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.01.08 00:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SPR3322K.sys -- (SPR3322K) DRV - [2012.03.30 13:31:52 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012.03.30 13:31:52 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.10.15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011.10.15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.10.15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.10.15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.10.15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.10.15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.10.15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.03.04 17:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP) DRV - [2010.03.04 17:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap) DRV - [2009.12.30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009.12.05 11:28:03 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.12.05 11:28:01 | 009,789,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.26 15:28:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.09.08 08:13:44 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.02.20 20:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2008.11.25 00:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.11.06 02:10:52 | 000,055,696 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr_cfs.sys -- (JMCR_CFS) DRV - [2008.10.23 02:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.10.23 02:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{79249744-4B12-4251-B15E-033052423734}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?brand=SNYT&bmod=EU01 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYK_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{79249744-4B12-4251-B15E-033052423734}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {fd639891-5cc6-45ae-9055-a7a6abb5a7a9}:1.2.11.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.29 22:45:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.03.30 13:32:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012.02.20 21:24:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 00:33:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.24 17:51:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.24 19:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.24 17:51:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_8.0 [2012.02.20 21:24:23 | 000,000,000 | ---D | M] [2010.02.28 23:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedda\AppData\Roaming\mozilla\Extensions [2009.12.20 10:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedda\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.25 19:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedda\AppData\Roaming\mozilla\Firefox\Profiles\pmd17pmw.default\extensions [2010.06.10 09:43:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pedda\AppData\Roaming\mozilla\Firefox\Profiles\pmd17pmw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.27 12:40:53 | 000,000,000 | ---D | M] (SEB Chipcard Plugin) -- C:\Users\Pedda\AppData\Roaming\mozilla\Firefox\Profiles\pmd17pmw.default\extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9} [2012.02.15 22:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.10.08 08:08:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.10.28 15:51:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.03.30 13:32:03 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2012.02.29 22:45:30 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2012.02.20 21:24:20 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_8.0 [2011.11.25 00:33:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111222205713.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [SkypePM] C:\Users\Pedda\AppData\Local\Skype\SkypePM.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: seb.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: seb-bank.de ([karte] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532CF8CA-6081-4E58-98D0-0A80CB1BA370}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img6 Wallpaper 1680x945.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img6 Wallpaper 1680x945.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7647e9e8-9c28-11e0-8eea-002433d3be6a}\Shell - "" = AutoRun O33 - MountPoints2\{7647e9e8-9c28-11e0-8eea-002433d3be6a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{c1ca3b24-cafa-11de-aaeb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c1ca3b24-cafa-11de-aaeb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\FSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk - C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe - (PacketVideo) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe - () MsConfig - StartUpFolder: C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cgs8h0.exe.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig - StartUpReg: Comcenter Easy - hkey= - key= - File not found MsConfig - StartUpReg: SHTtray.exe - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.30 13:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.03.30 13:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012.03.30 08:39:18 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{8B1D772E-B7BA-402D-A2FD-C4BB78687C0E} [2012.03.29 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{F747006F-159F-4E38-A963-8DAC2777160B} [2012.03.28 15:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Programm für die Prozessorerkennung [2012.03.28 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation [2012.03.28 11:43:00 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{BBD0E606-92FD-4875-A733-26C1DA5450F2} [2012.03.28 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{E298DA3E-57B5-4274-85B5-2FB714A1771C} [2012.03.28 09:18:38 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\System32\avmadd32.dll [2012.03.28 09:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2012.03.28 09:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Box [2012.03.27 23:14:24 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{E933B745-B384-42EE-A835-8F72C96BB809} [2012.03.27 23:14:13 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{629EE346-A2D3-461A-8E29-2427BDEB28C4} [2012.03.27 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{12A7DEF7-2467-48B7-9CC1-C95BE5B2B2F8} [2012.03.27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{D5F1B6A7-2C0E-463E-A625-4413E3A8C2E9} [2012.03.26 12:33:40 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{6706A738-C4C1-4DF4-9026-5AF7493449C0} [2012.03.26 12:33:29 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{25E01F07-F610-41DF-A74A-EAE1D2F07C24} [2012.03.25 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{D52BEDB6-5B40-4739-A932-C606C62CC49A} [2012.03.25 11:59:45 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{CE07411A-B3F8-4B8A-AE10-D69DB4CFD061} [2012.03.25 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2012.03.24 19:26:35 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{F9EAB989-3D2C-426E-B712-3A1821B5B162} [2012.03.24 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{0F799769-D56D-443B-ADE8-76AF24FBBB89} [2012.03.22 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{00D2E205-2534-4CFF-9A96-2F9FFF613EF0} [2012.03.22 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{4E7DFD52-366A-4674-B544-1D41423D70D5} [2012.03.20 17:23:24 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{AE4937F5-2AB4-43EF-8599-86043A10D054} [2012.03.20 17:23:12 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{E7D31A28-7E37-451D-B0D2-889D4D845A51} [2012.03.18 23:24:36 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\Apps [2012.03.15 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{F753E57A-6387-425C-93CC-96CE614B77E8} [2012.03.15 22:55:48 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{79B049D6-8281-4A7E-97CD-80EB25700A32} [2012.03.14 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{C02C741F-CF87-483E-A0C0-BB168771BA4A} [2012.03.14 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{7C7CFB4C-1CB8-40C8-B669-1DC31C2CC638} [2012.03.10 15:44:16 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{6DC2DD26-246B-47F8-907F-FBB9F87BA46B} [2012.03.10 15:44:04 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{3F94CC50-0DE0-428B-B065-1F8906333855} [2012.03.03 14:32:17 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{753471B2-501A-4F7F-A676-63441C6F79BB} [2012.03.03 14:32:06 | 000,000,000 | ---D | C] -- C:\Users\Pedda\AppData\Local\{E4956A51-7B1C-4FFD-80DE-3D29BA36EC55} ========== Files - Modified Within 30 Days ========== [2012.03.30 13:57:57 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2012.03.30 13:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 13:50:53 | 2390,011,904 | -HS- | M] () -- C:\hiberfil.sys [2012.03.30 13:31:52 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2012.03.30 13:31:52 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2012.03.30 13:31:52 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2012.03.30 13:22:10 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.30 12:22:12 | 000,701,310 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.30 12:22:12 | 000,663,192 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.30 12:22:12 | 000,147,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.30 12:22:12 | 000,124,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.30 11:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.30 07:44:32 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 07:44:32 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.21 20:25:50 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.03.19 22:10:08 | 000,377,790 | ---- | M] () -- C:\Users\Pedda\Desktop\unitymedia.jpg [2012.03.15 19:59:57 | 000,374,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.03 09:45:33 | 000,000,741 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2012.03.25 11:57:43 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.03.19 22:10:07 | 000,377,790 | ---- | C] () -- C:\Users\Pedda\Desktop\unitymedia.jpg [2012.02.21 00:12:14 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6 [2012.02.15 21:52:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.06.21 20:43:59 | 000,000,275 | ---- | C] () -- C:\Users\Pedda\AppData\Local\HamsterVideoConverterSettings.cfg [2011.04.14 22:48:41 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.04.14 17:51:58 | 000,007,625 | ---- | C] () -- C:\Users\Pedda\AppData\Local\Resmon.ResmonCfg [2011.04.14 16:38:00 | 000,000,030 | ---- | C] () -- C:\Users\Pedda\AppData\Roaming\urhtps.dat [2010.08.13 16:20:29 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi [2010.04.16 19:29:41 | 000,006,144 | ---- | C] () -- C:\Users\Pedda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.04 11:14:55 | 000,958,976 | ---- | C] () -- C:\Windows\System32\iPostCtl.dll [2010.04.04 11:14:54 | 001,411,584 | ---- | C] () -- C:\Windows\System32\iFaxCtrl.dll [2010.04.04 11:14:54 | 001,067,520 | ---- | C] () -- C:\Windows\System32\iFolderCtrl.dll ========== LOP Check ========== [2011.04.12 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\5015 [2009.11.28 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Ashampoo [2011.08.06 10:01:33 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Avery [2010.01.30 13:38:31 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Buhl Data Service [2011.09.24 11:33:02 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Canon [2009.11.28 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\CD-LabelPrint [2010.04.04 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\ComCenter [2009.12.06 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\GetRightToGo [2009.11.28 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\InterVideo [2011.04.12 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\kock [2012.02.20 21:25:00 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Nokia [2011.09.24 13:59:45 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Nokia Ovi Suite [2010.08.03 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\OpenOffice.org [2010.12.04 12:58:27 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\PC Suite [2012.02.19 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Pegasys Inc [2009.12.13 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\phonostar GmbH [2011.08.06 13:40:35 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\r2 Studios [2012.03.29 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\SoftGrid Client [2009.12.19 08:09:07 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Template [2009.12.20 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Thunderbird [2011.08.09 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\TP [2009.12.14 00:31:34 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Tunebite [2011.04.17 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\UAs [2012.02.15 22:05:21 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\VS Revo Group [2012.01.15 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\Windows Live Writer [2011.04.17 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\Pedda\AppData\Roaming\xmldm [2012.03.30 13:04:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.03 18:23:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.02.27 13:20:26 | 000,000,000 | -HSD | M] -- C:\Boot [2011.05.21 12:02:30 | 000,000,000 | ---D | M] -- C:\Click to Disc [2012.03.28 15:38:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.04.10 12:59:02 | 000,000,000 | ---D | M] -- C:\dell [2012.02.19 00:48:23 | 000,000,000 | ---D | M] -- C:\divx [2009.04.16 11:45:06 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.06 18:17:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.03.24 14:37:05 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.30 13:31:00 | 000,000,000 | ---D | M] -- C:\Program Files [2012.02.21 00:12:25 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.10.06 18:17:17 | 000,000,000 | -HSD | M] -- C:\Programme [2009.11.28 15:52:14 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.28 15:38:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.11.29 10:37:17 | 000,000,000 | ---D | M] -- C:\TEMP [2011.12.01 19:49:18 | 000,000,000 | ---D | M] -- C:\Update [2009.11.29 10:15:59 | 000,000,000 | ---D | M] -- C:\Upgrade [2009.11.28 15:27:31 | 000,000,000 | R--D | M] -- C:\Users [2010.01.05 19:41:25 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment [2011.07.14 20:29:24 | 000,000,000 | ---D | M] -- C:\ViewEXIF [2011.07.06 18:21:25 | 000,000,000 | ---D | M] -- C:\WALK THE LINE [2012.03.30 13:32:22 | 000,000,000 | ---D | M] -- C:\Windows [2011.07.06 18:20:59 | 000,000,000 | ---D | M] -- C:\WIR_WAREN_HELDEN [2009.04.16 11:45:06 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys [2008.04.22 02:32:06 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (RAID)\IaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_2d2ec4fd9937ddb4\iaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_950dad68cf8acc20\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012.03.30 14:01:41 | 004,718,592 | ---- | M] () -- C:\Users\Pedda\ntuser.dat [2012.03.30 14:01:41 | 000,262,144 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat.LOG1 [2009.11.28 15:09:10 | 000,000,000 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat.LOG2 [2011.04.14 17:55:10 | 000,065,536 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{29d05489-66a3-11e0-a215-002433d3be6a}.TM.blf [2011.04.14 17:55:10 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{29d05489-66a3-11e0-a215-002433d3be6a}.TMContainer00000000000000000001.regtrans-ms [2011.04.14 17:55:10 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{29d05489-66a3-11e0-a215-002433d3be6a}.TMContainer00000000000000000002.regtrans-ms [2009.11.28 15:09:11 | 000,065,536 | -HS- | M] () -- C:\Users\Pedda\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.11.28 15:09:11 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.11.28 15:09:11 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.02.06 16:41:08 | 000,065,536 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{dc901b04-31f9-11e0-b7f7-002433d3be6a}.TM.blf [2011.02.06 16:41:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{dc901b04-31f9-11e0-b7f7-002433d3be6a}.TMContainer00000000000000000001.regtrans-ms [2011.02.06 16:41:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedda\ntuser.dat{dc901b04-31f9-11e0-b7f7-002433d3be6a}.TMContainer00000000000000000002.regtrans-ms [2009.11.28 15:52:37 | 000,000,020 | -HS- | M] () -- C:\Users\Pedda\ntuser.ini [2010.03.21 10:07:40 | 000,000,193 | ---- | M] () -- C:\Users\Pedda\popgefahr.txt [2010.02.28 08:27:11 | 000,000,419 | ---- | M] () -- C:\Users\Pedda\sieber.txt < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > EXTRAS.txt OTL Extras logfile created on: 30.03.2012 13:55:46 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Pedda\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 85,49% Memory free 5,93 Gb Paging File | 5,52 Gb Available in Paging File | 93,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,04 Gb Total Space | 320,05 Gb Free Space | 70,65% Space Free | Partition Type: NTFS Drive I: | 14,94 Gb Total Space | 3,86 Gb Free Space | 25,81% Space Free | Partition Type: FAT32 Computer Name: PEDDA-PC | User Name: Pedda | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACCUCHEK360) "{30406D09-0004-4CFA-AB4C-12E30D40C960}" = AudialsOne "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AF6EF15-5841-4FF8-A3FC-5B2400AB9145}" = Borland Data Engine "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3e116348-5bec-4119-b3a0-30f2e0614eb3}" = Gigaset QuickSync "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library "{708F9BEF-2B8C-421D-813E-8CA9EA29B1B8}" = Napster 3.5 MP3 Encoder "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1" = Music Collector "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CAB7412-1612-41E2-8182-8F92814D93CD}" = VAIO Original Funktion Einstellungen "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86 "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D64EA5EB-E3F0-40DF-AA3A-C3A30E827DD3}" = VAIO Original Function Settings "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4083807-2479-447E-807A-7F23A80D1B3E}" = ACCU-CHEK 360° "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21 "AVMFBox" = AVM FRITZ!Box Dokumentation "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CanonSolutionMenu" = Canon Utilities Solution Menu "Collectorz.com Music Collector" = Collectorz.com Music Collector "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DPP" = Canon Utilities Digital Photo Professional 3.10 "dt icon module" = "DVD Shrink_is1" = DVD Shrink 3.2 "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00 "InstallShield_{F4083807-2479-447E-807A-7F23A80D1B3E}" = ACCU-CHEK 360° "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "McAfee Security Scan" = McAfee Security Scan Plus "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MFU Module" = "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MSC" = McAfee Internet Security "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "Nokia Suite" = Nokia Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "SynTPDeinstKey" = Synaptics Pointing Device Driver "TwonkyMediaTwonkyMedia" = TwonkyMedia "U.S. Robotics V.92 USB Modem" = U.S. Robotics V.92 USB Modem "VAIO Help and Support" = "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.03.2012 05:46:14 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 05:51:45 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 06:13:28 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 06:38:15 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 07:05:51 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 07:13:58 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 07:27:00 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 07:43:59 | Computer Name = Pedda-PC | Source = SignInAssistant | ID = 0 Description = Error - 30.03.2012 07:52:40 | Computer Name = Pedda-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 07:57:05 | Computer Name = Pedda-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 30.03.2012 07:52:14 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:14 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:14 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:14 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:14 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:16 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:16 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:52:16 | Computer Name = Pedda-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.03.2012 07:53:29 | Computer Name = Pedda-PC | Source = DCOM | ID = 10005 Description = Error - 30.03.2012 07:55:46 | Computer Name = Pedda-PC | Source = DCOM | ID = 10005 Description = < End of report > Was wäre jetzt zu tun? Schön, wenn ihr helfen könntet... McAfee Internet Security kanns nicht  |
|
30.03.2012, 15:23
| #2 |
| /// Malware-holic   | 50 Euro Virus hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Pedda\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Pedda\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
30.03.2012, 17:02
| #3 |
| | 50 Euro Virus Hi,
__________________So... hier isse ;-) |
|
30.03.2012, 17:08
| #4 |
| | 50 Euro Virus So, der Upload hat geklappt  |
|
30.03.2012, 17:23
| #5 | |
| /// Malware-holic | 50 Euro Virus danke für den upload. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.03.2012, 17:43
| #6 |
| | 50 Euro Virus Combofix Logfile: Code:
ATTFilter ComboFix 12-03-30.06 - Pedda 30.03.2012 18:31:23.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3039.2320 [GMT 2:00]
ausgeführt von:: c:\users\Pedda\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Pedda\AppData\Roaming\AcroIEHelpe.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-30 ))))))))))))))))))))))))))))))
.
.
2012-03-30 15:48 . 2012-03-30 16:03 -------- d-----w- C:\_OTL
2012-03-30 14:51 . 2012-03-30 14:51 -------- d-----w- c:\program files\ESET
2012-03-30 14:11 . 2012-03-30 14:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 14:11 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:31 . 2012-03-30 11:48 -------- d-----w- c:\program files\stinger
2012-03-28 13:38 . 2012-03-28 13:38 -------- d-----w- c:\program files\Intel Corporation
2012-03-28 07:18 . 2006-12-14 12:42 69120 ----a-r- c:\windows\system32\avmadd32.dll
2012-03-28 07:18 . 2012-03-28 07:18 -------- d-----w- c:\program files\FRITZ!Box
2012-03-18 21:24 . 2012-03-18 21:24 -------- d-----w- c:\users\Pedda\AppData\Local\Apps
2012-03-14 20:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 20:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:11 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:11 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:11 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:11 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:11 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:11 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:11 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 11:31 . 2011-12-02 19:19 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-30 11:31 . 2011-12-02 19:14 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-30 11:31 . 2011-03-13 10:20 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-04 08:58 . 2012-02-14 20:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
2010-12-10 13:27 . 2010-08-13 14:20 1456640 ----a-w- c:\program files\Common Files\Falk Navi-Manager.msi
2011-11-24 22:33 . 2011-08-10 14:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-08-11 14:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-07-15 1101824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-16 8120864]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
" Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-08-04 07:58 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Tray Control.lnk
backup=c:\windows\pss\Twonky Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
path=c:\users\Pedda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
backup=c:\windows\pss\Audio Filter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cgs8h0.exe.lnk]
path=c:\users\Pedda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk
backup=c:\windows\pss\cgs8h0.exe.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Pedda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Pedda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-06-11 303104]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TwonkyMedia;TwonkyMedia;c:\program files\TwonkyMedia\twonkymediaserverwatchdog.exe [2012-01-13 512840]
R2 TwonkyWebDav;TwonkyWebDav;c:\program files\TwonkyMedia\twonkywebdav.exe [2012-01-13 250696]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-06 415592]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-19 29736]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [2008-11-06 55696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-03-30 87656]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-05 66080]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SPR3322K;SPRx3x USB SmartCard Reader;c:\windows\system32\DRIVERS\SPR3322K.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1086568]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-30 159608]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-08 4231680]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mferkdk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
*Deregistered* - regi
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 23:05]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 23:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?brand=SNYT&bmod=EU01
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: seb-bank.de\karte
Trusted Zone: seb.de\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Pedda\AppData\Roaming\Mozilla\Firefox\Profiles\pmd17pmw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Comcenter Easy - c:\program files\FAX.de\ComCenter\ComCenterEasy.exe
MSConfigStartUp-SHTtray - c:\program files\Common Files\Sony Shared\SOHLib\SHTtray.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\CHIPDRIVE\SOK\Config]
@DACL=(02 0000)
"SerialNumber"="88D8B4F33B7A8F6DED3C119E8270DF30A5F622D5CACA8071"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-30 18:37:36
ComboFix-quarantined-files.txt 2012-03-30 16:37
.
Vor Suchlauf: 20 Verzeichnis(se), 343.504.928.768 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 343.390.806.016 Bytes frei
.
- - End Of File - - A6EA4EED509ADA2E3641FDE2A30BCB45
|
|
30.03.2012, 19:50
| #7 |
| /// Malware-holic | 50 Euro Virus nutzt du das system für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.03.2012, 20:01
| #8 |
| | 50 Euro Virus Ja genau. Ich mache Online Banking damit (daher die alten, nicht mehr aktiven Einträge der SEB) und natürlich der eine oder andere Einkauf. Ich trau mich im Moment nicht, den Rechner wieder normal laufen zu lassen und warte lieber, bis ich von euch wieder lese ;-) |
|
31.03.2012, 17:08
| #9 |
| /// Malware-holic | 50 Euro Virus also, ich sehe hier nen trojan.banker. deswegen sicherheitshalber neue zugangsdaten von der bank senden lassen. der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.04.2012, 06:56
| #10 |
| | 50 Euro Virus Hi, Also mein System läuft wieder ohne diese Störung. Ich hab das komplette System durch Malwarebytes prüfen lassen ebenso wie durch einen Komplettcheck durch McAfee. Es ist nichts mehr aufgetaucht. Das Online-Banking geschieht nicht mehr durch ein Chipkarten-Banking. Ich werde mir die Sicherungsmöglichkeiten später ansehen, weiss nicht genau ob ich eine Recovery-cd habe. Damals war Vista auf dem Rechner, dann habe ich das "kostenlose" Upgrade gekauft auf Win7 Home Premium. Wenn ich es neu aufsetze, bräuchte ich noch Tips zur Sicherung und Wiederherstellung von Emailkonten aus windows Live Mail sowie Mozilla Thunderbird. Aber ich melde mich dann wieder, habe über Ostern sehr viel beruflich zu tun. Bis später.... und ganz viel danke  Ach so.... noch was.... ich benutze auch kein Star Money oder sonstiges ;-) |
|
03.04.2012, 08:17
| #11 |
| /// Malware-holic | 50 Euro Virus wie kann man sich etwas kostenloses kaufen... der pc muss definitiv neu aufgesetzt werden, egal wie viele scans du laufen lässt. ja, dass du im moment kein chipcard reader und star money nutzt ist unschön, denn nur dies, bzw eine vergleichbare software, erlaubt sicheres online banking.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu 50 Euro Virus |
| autorun, bho, desktop, euro, firefox, format, google earth, home, install.exe, intranet, karte, kaspersky, logfile, mozilla thunderbird, mp3, nvstor.sys, phishing, programm, realtek, registry, required, revo uninstaller, rundll, scan, searchscopes, security, security scan, siteadvisor, software, sparbuch, taskmanager, virus, windows, wiso |
