Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BUNDESTROJANER eingefangen! Was nun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.08.2012, 00:44   #1
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Hallo,

ich hab mich grad so sehr erschrocken , als mein Laptop gesperrt wurde. Habe ganz normale auf meinem Laptop gearbeitet und bei Google "Bildrückwärtssuche" gemacht, da mir ein Bild sehr komisch vorkam. Durch ein Klick auf einen Link hab mir diesen Bundestrojaner "GUV" eingefangen.

Befinde mich jetzt im "abgesichterten Modus". Wo kann ich OTL runterladen? und welche Schritte muss ich weiter gehen?

Bitte um Hilfe. Habe wichtige Daten auf meinem Laptop.

Betriebssystem: Vista


Lg Queeny

SCAN von OTL

Ergebnis OTL.txt
Code:
ATTFilter
OTL logfile created on: 07.08.2012 02:23:26 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Jodi Jean\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,76% Memory free
6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,71 Gb Total Space | 155,00 Gb Free Space | 53,87% Space Free | Partition Type: NTFS
 
Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.07 01:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.06 13:40:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 21:21:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.06 17:29:06 | 000,392,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2012.03.06 17:29:06 | 000,093,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2012.03.06 17:29:06 | 000,076,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.03.06 17:29:04 | 000,122,008 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2012.03.06 17:29:04 | 000,072,856 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.04.02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.03.05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.07.21 19:16:00 | 009,558,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.01.07 22:17:28 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.10.23 02:02:26 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 02:02:05 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{FEF36E3B-F768-4A7E-A590-DF7B1E9380CA}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}
IE - HKCU\..\SearchScopes\{9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 02:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.08 16:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.28 13:48:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.29 03:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions
[2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.06 13:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions
[2012.05.18 21:35:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions\ich@maltegoetz.de
[2011.12.21 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:21:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.28 15:19:39 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD30EF4-3D03-4B91-B3D1-BFEDBAE01B50}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400A0307-6EF0-4B69-96D8-4BE8BD574F68}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E27893-A70E-43A1-B92D-33895DB60DE1}: DhcpNameServer = 20.20.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0F77C7-90D8-4930-A204-89945BF863BC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C57B21-055C-4100-B24B-AB84EE0BFB4B}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat) - C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat ()
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Jodi Jean\Pictures\Wallpaper\angelina_jolie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jodi Jean\Pictures\Wallpaper\angelina_jolie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell - "" = AutoRun
O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig - StartUpReg: AutoKMS - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.07 01:49:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
[2012.08.06 13:37:15 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.08.01 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\Ca_sandro
[2012.07.31 10:50:28 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\sandro 2
[2012.07.28 00:12:57 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\CASANDRO Web
[2012.07.28 00:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\DANNY
[2012.07.28 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\BLOG EDIT
[2012.07.21 19:53:06 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\Sandro_Photo
[2012.07.20 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\ESET
[2012.07.12 21:21:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{6379D574-0B30-4640-8F71-AE8446A624B8}
[2012.07.12 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{DBC834F1-EF45-4D31-953A-70061A2DC1C7}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.07 01:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
[2012.08.07 01:40:16 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.07 01:40:15 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.07 01:40:15 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.07 01:40:15 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.07 01:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.07 01:32:25 | 000,000,045 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.ini
[2012.08.07 01:32:19 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.07 01:32:18 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.07 00:40:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 00:40:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 00:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 20:58:02 | 000,001,680 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.08.06 15:07:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.06 13:35:54 | 000,000,768 | ---- | M] () -- C:\Users\Jodi Jean\Documents\Settings.ini
[2012.08.02 13:52:59 | 000,176,608 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\Bewerbungsfoto_Rufina_Neumann.jpg
[2012.08.02 02:20:24 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2012.08.02 02:20:04 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012.08.01 21:25:19 | 000,034,304 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.31 12:28:59 | 056,666,006 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\cas_map.psd
[2012.07.31 01:09:01 | 000,311,430 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer_800x402.jpg
[2012.07.31 00:58:40 | 000,446,546 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer.jpg
[2012.07.31 00:58:27 | 005,930,562 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moddyclub_flyer.psd
[2012.07.24 13:58:58 | 001,053,136 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\pia.jpg
[2012.07.21 20:47:21 | 000,000,132 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.07.12 16:00:31 | 000,202,872 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\skizze.jpg
[2012.07.11 16:14:00 | 003,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.07 01:20:33 | 000,000,045 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.ini
[2012.08.06 13:35:54 | 000,000,768 | ---- | C] () -- C:\Users\Jodi Jean\Documents\Settings.ini
[2012.08.06 13:35:27 | 026,835,456 | ---- | C] () -- C:\Users\Jodi Jean\Documents\Microsoft Toolkit.exe
[2012.08.02 13:52:57 | 000,176,608 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\Bewerbungsfoto_Rufina_Neumann.jpg
[2012.08.02 02:20:04 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012.07.31 12:28:58 | 056,666,006 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\cas_map.psd
[2012.07.31 01:09:00 | 000,311,430 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer_800x402.jpg
[2012.07.30 22:30:39 | 000,446,546 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer.jpg
[2012.07.30 22:13:11 | 005,930,562 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moddyclub_flyer.psd
[2012.07.24 11:53:30 | 001,053,136 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\pia.jpg
[2012.07.12 16:00:29 | 000,202,872 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\skizze.jpg
[2012.06.22 19:22:37 | 000,010,567 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2012.06.22 19:17:08 | 000,203,129 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.06.08 00:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.01.23 22:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.01.19 19:51:33 | 000,126,976 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat
[2012.01.15 10:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.27 22:49:10 | 000,001,680 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.12.02 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.01 00:31:58 | 000,034,304 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 21:10:51 | 000,001,356 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat
[2011.11.19 20:12:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.19 20:12:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.16 01:36:02 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.11.14 23:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Bytemobile
[2012.03.26 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.29 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.08.01 03:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\FileZilla
[2012.08.07 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\ICQ
[2012.02.05 03:22:12 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Image-Line
[2011.12.02 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.15 23:02:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Thunderbird
[2012.01.28 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\TomTom
[2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone
[2011.11.15 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone Mobile Connect
[2012.06.29 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Wacom
[2012.06.29 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.08.06 15:07:26 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.20 19:45:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.19 20:51:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.08.06 18:45:00 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.11.14 23:15:24 | 000,000,000 | ---D | M] -- C:\Documentation
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.15 00:24:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.20 14:40:41 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.28 13:50:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.20 22:22:18 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.29 20:27:13 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.29 20:27:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.15 00:24:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.07 01:21:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.21 14:36:13 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.06 18:38:47 | 000,000,000 | ---D | M] -- C:\Update
[2012.03.20 19:44:48 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.07 01:33:31 | 000,000,000 | ---D | M] -- C:\Windows
[2011.11.14 23:15:24 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.06.29 20:27:55 | 000,000,002 | ---- | M] () -- C:\Users\Jodi Jean\.bdockinstall.log
[2012.08.07 02:15:23 | 003,670,016 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT
[2012.08.07 02:15:23 | 000,262,144 | -H-- | M] () -- C:\Users\Jodi Jean\ntuser.dat.LOG1
[2011.11.15 00:28:22 | 000,000,000 | -H-- | M] () -- C:\Users\Jodi Jean\ntuser.dat.LOG2
[2012.08.06 15:07:24 | 000,065,536 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.08.06 15:07:24 | 000,524,288 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.11.15 02:55:11 | 000,524,288 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.11.15 00:28:23 | 000,000,020 | -HS- | M] () -- C:\Users\Jodi Jean\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964

< End of report >
         
Ergebnis Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 07.08.2012 02:23:26 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Jodi Jean\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,76% Memory free
6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,71 Gb Total Space | 155,00 Gb Free Space | 53,87% Space Free | Partition Type: NTFS
 
Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4ED415-0F85-4D4C-8A7F-BCBF9B07A3EE}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{3738C42C-E768-4E6C-9C74-5C0C5232B784}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{53AE771F-D49F-4D86-BA68-751FE2299FF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8D5D6C98-5E5B-4ED2-8D6A-ECA7FCD16D39}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96FAA392-C7C3-4DDD-BDA8-0A6B064DFD4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\outlook.exe | 
"{9FC3F338-C436-4523-B835-5F7203D9C080}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AA9541B7-FDAA-4565-A254-ECB279E90361}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0044E32E-01FF-4DE3-9BF3-BFEAF18B7362}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\office14\groove.exe | 
"{0CC6F66B-B409-4BDF-BCA4-EECC7CA39AF8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{0F05F975-08BC-4884-9D08-A6DA7EC94D1C}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{13F2F5C3-866A-4E50-AE25-200F0DB73207}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1802B28A-C564-4C7D-9422-BFF4AB63378E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{2A4C1F53-EA0F-4B39-9498-DA154F010034}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{3CDB3D3C-B736-4430-9AD6-1E4DA2243639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\office14\onenote.exe | 
"{517A0A8E-7C9D-4938-9A87-E44C0231D9B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{56855CF9-A2D0-4A42-B355-AC15933BDD96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{5E175649-65CA-4380-87BB-F9E21BE493F7}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{6D490C3C-C131-4562-894D-AB7F537E1CAC}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{8F896B79-33F0-4B7C-8289-ADED3906D175}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{902CA7B4-2EF0-43E7-8BAE-C200753B3E1E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{92B62CEA-C758-4853-B2D3-1C2F4C04A179}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{9975574C-3070-40C6-A2CF-296C3C679F10}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9AB078B7-D63A-4DB8-B0BE-227BD2225F75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\groove.exe | 
"{9CF176B2-C783-47A1-A444-451BF3EEA6CF}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9DBC9A07-1B5E-45A6-A03A-5D4F58CE7B18}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AA3FF900-9842-404B-8FCE-A05C8F09336B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\onenote.exe | 
"{B8A39A48-71CF-42F1-948E-D025F1AB5C4C}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{BEF3BF53-E059-4D5B-BE03-BBD3306C8CCD}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{C5E665E9-C773-4B59-A72F-64225C092B05}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{DB7CFEA5-068B-4963-AD28-144947B107E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{DEFE2353-987F-4B40-AF46-0805230A582A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E23174F8-0222-4F3D-81BF-20369353656E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{F36641DE-A581-483F-925D-19DF0DD839D3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{F71CC117-0932-4C58-9DFA-49CABEF474DA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FE5455D5-66EC-4C3F-91F0-2C357B4A010A}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"TCP Query User{042F74C2-0747-46C9-A08E-69E57311796E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{14562E9F-77F1-4AA0-8161-99E5E12A3DC6}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{154BF3C6-2FD2-4403-96ED-380D75FEF058}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{1A9B471F-8481-48EE-9ABB-2217E4227D45}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{1D01D2FC-24E5-4F3E-95E1-EB7DF0647352}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3CA52080-A746-453A-81E4-BBBBEFA7ABEC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{74DEBD6F-425F-44D7-B34E-3748FA79A747}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{7E2C4FB3-979A-46B3-999A-71303FCCEE21}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{B3170B2C-9482-43FE-84D5-3CD612D848F8}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{D9675B63-12B3-4BEF-8B1D-1949C2F10518}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{E60490A2-FB83-4EE0-A347-35C8165466E9}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E85B8223-A716-447C-A2A1-D411977E50D1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{10D51B2C-B929-4474-AC9D-8C224B8F2403}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{269CD265-452C-4F11-8EC9-076297A9058A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{3291EC49-47E3-46E0-8BC5-D2E6E0AF638D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{589A56C3-E66D-41F2-B89A-E48942CEB500}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{6BF2C26E-0FB5-4E98-BEC3-46AD3C8001B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{791FC1A5-F3D7-48EF-AF9E-A09AD102F493}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{A31B674C-D5D0-4880-8C40-C1B9FBF56779}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{A7BE9C6F-4760-4D21-A2D8-E56CFD1CCB47}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B9000F84-07F3-4D42-B93A-116319D00413}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{BF0A41E5-D31C-4556-A081-803DB851515B}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{BF2D3D0F-CB6C-4A57-8669-087EC86E4CDD}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{C8C76EEA-3C6D-4CC7-9DA1-D30BBE324C71}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{AEF8B78C-4F3E-41F1-9C2D-88150D4BB3AD}" = Sony Home Network Library
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF872023-6648-42AF-9A07-1E6F55FE7291}" = ESET NOD32 Antivirus
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" = 
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 10" = FL Studio 10
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IL Download Manager" = IL Download Manager
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Bamboo
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VAIO Help and Support" = 
"VLC media player" = VLC media player 2.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.07.2012 14:17:06 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.07.2012 14:17:07 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.07.2012 14:17:07 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.07.2012 14:17:58 | Computer Name = Bebi-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 27.07.2012 14:18:14 | Computer Name = Bebi-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 28.07.2012 07:22:10 | Computer Name = Bebi-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 28.07.2012 07:22:11 | Computer Name = Bebi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.07.2012 07:23:41 | Computer Name = Bebi-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 28.07.2012 07:25:19 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.07.2012 07:25:19 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 21.11.2011 17:41:21 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 2.200.197.137 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F82A7 wurde durch den DHCP-Server 2.205.218.142 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.11.2011 18:47:38 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 2.205.218.141 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F82A7 wurde durch den DHCP-Server 77.25.224.29 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.11.2011 18:47:38 | Computer Name = Bebi-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 2.205.218.141
 mit dem Computer mit der  Netzwerkhardwareadresse 02-50-F3-00-00-00 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 24.11.2011 16:49:11 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 2.200.44.249 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FB4DF wurde durch den DHCP-Server 77.24.254.238 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 28.11.2011 08:05:16 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 77.24.62.140 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F2B52 wurde durch den DHCP-Server 2.205.7.33 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.11.2011 09:39:50 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 2.205.7.34 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F2B52 wurde durch den DHCP-Server 77.24.229.46 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 30.11.2011 09:39:16 | Computer Name = Bebi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >
         
EDIT: Es war der GVU 2.07 bei mir. Nachdem ich im abgesicherten Modus OTL durchführte und anschließend dann neugestartet, habe ich im normalen Modus nach der Prüfung im Taskmananer nach sämtlichen verdächtigen Prozesse den "Systemwiederherstellung" um 1 Tag zurück gemacht. Erneut wurde mein Laptop neugestartet und nun lasse ich ESET NOD32 Antivirus durchlaufen. Bis jetzt noch nichts gefunden. Bei der Prüfung der Prozesse war nichts auffälliges zu sehen.

Ob es nun weg ist? :-/

Alt 07.08.2012, 08:02   #2
Undertaker
/// Helfer-Team
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Zitat:
Zitat von Queeny89 Beitrag anzeigen
Ob es nun weg ist? :-/
moin moin,
das mußt Du selbst entscheiden.
Unabhängig vom GVU-Trojaner kann man sich mit Keygens und Patches auch die Krätze an den Hals, sprich Schadsoftware auf den Rechner holen.
Denk mal drüber nach.

Volker
__________________

__________________

Alt 07.08.2012, 09:06   #3
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Unglücklich

BUNDESTROJANER eingefangen! Was nun?



Zitat:
Zitat von Undertaker Beitrag anzeigen
moin moin,
das mußt Du selbst entscheiden.
Unabhängig vom GVU-Trojaner kann man sich mit Keygens und Patches auch die Krätze an den Hals, sprich Schadsoftware auf den Rechner holen.
Denk mal drüber nach.

Volker
@Volker: Was möchtest du mir damit jetzt sagen? Ich lade ganz sicher keine illegalen Sachen runter.


Wie bekomme ich jetzt den Trojaner weg?
__________________

Alt 07.08.2012, 14:40   #4
Undertaker
/// Helfer-Team
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Dass Du illegale Software downloadest will ich garnicht sagen.
Mir ist nur folgendes aufgefallen:

Zitat:
Zitat von Auszug aus OTL-Logs
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
Und nun ein Textauszug aus einer Readme.txt
Zitat:
1. Install Adobe Master Collection software.
2. Use keygen to generate serial
3. When installation is finished... Execute Dis_Act_Wh!.cmd

NOTE: Dis_Act_Wh!.cmd enters 127.0.0.1 activate.adobe.com into HOSTS file, you may have to disable any Antispyware appz, as these may stop HOSTS file editing.
Findest Du das nicht auch komisch?

Volker
__________________
Das Board unterstützen

Datenrettung -->HIER!

Zitat der Woche: Die Gefahr, dass der Computer so wird wie der Mensch, ist nicht so groß wie die Gefahr, dass der Mensch so wird wie der Computer.

Alt 07.08.2012, 16:29   #5
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Unglücklich

BUNDESTROJANER eingefangen! Was nun?



Zitat:
Zitat von Undertaker Beitrag anzeigen
Dass Du illegale Software downloadest will ich garnicht sagen.
Mir ist nur folgendes aufgefallen:



Und nun ein Textauszug aus einer Readme.txt
Findest Du das nicht auch komisch?

Volker
Hallo Volker,
im grunde verstehe ich was du meinst. Davon hab ich ehrlich gesagt nichts gewusst, da mein Ex mir die Programme für PS und Microsoft Office 2010 Professionell Plus drauf machte. Was er weiter angestellt hatte, wusste ich nicht, erst jetzt wo du es mir zeigst.
Ich hatte ja heute mit ihm telefoniert, aber am Telefon sagte er nichts von.
Was soll ich jetzt machen?

Ich hab auf dem Laptop sehr wichtige Design-Daten und Photographie drauf, möchte das alles nicht verlieren. Bin grad echt verzweifelt.

Queeny


Alt 07.08.2012, 16:43   #6
Undertaker
/// Helfer-Team
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Nun, nachdem Du eine Systemwiederherstellung mit einer Kopie gemacht hast, die vor der Infektion lag und ESET auch nichts mehr findet (ich hoffe ESET ist aktuell), kannst Du nochmal einen Scan mit Malwarebytes machen.
Außerdem sichere vorsichtshalber alle Deine Daten.

Volker
__________________
--> BUNDESTROJANER eingefangen! Was nun?

Alt 07.08.2012, 17:02   #7
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Zitat:
Zitat von Undertaker Beitrag anzeigen
Nun, nachdem Du eine Systemwiederherstellung mit einer Kopie gemacht hast, die vor der Infektion lag und ESET auch nichts mehr findet (ich hoffe ESET ist aktuell), kannst Du nochmal einen Scan mit Malwarebytes machen.
Außerdem sichere vorsichtshalber alle Deine Daten.

Volker
Also Systemwiederherstellung hab ich per Zeit gemacht, sprich auf ein Werktag zurück gesetzt, wo es noch nicht passierte. ESET ist aktuell ja.

Ok, dann sichere ich die Daten erstmal, aber im agesicherten Modus?
Dann lass ich den anderen scan drüber laufen.

Ich melde mich, soweit ich des habe. Muss ich vom Scan dann was posten?

Liebe Grüße und danke für die Hilfe
Queeny

Edit: achso.. die originelle Systemwiederherstellungs-Disk hab ich. Ja, die wurde ganz am Anfang beim einrichten des Laptops gemacht.

Edit 2: Wichtige Daten im abgesichteren Modus auf externe Festplatte gesichert. Malwarebytes durchlaufen lassen.

Ergebnis
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Jodi Jean :: BEBI-PC [Administrator]

Schutz: Deaktiviert

08.08.2012 01:11:49
mbam-log-2012-08-08 (01-11-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472250
Laufzeit: 1 Stunde(n), 8 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 08.08.2012, 08:14   #8
Undertaker
/// Helfer-Team
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



moin moin,
das sieht doch garnicht schlecht aus.
Deine Daten hast Du gesichert.
Starte den Rechner mal normal, mal sehen ob er noch Auffälligkeiten zeigt.
Mache nochmal einen Scan mit OTL und poste das Logfile.

Volker
__________________
Das Board unterstützen

Datenrettung -->HIER!

Zitat der Woche: Die Gefahr, dass der Computer so wird wie der Mensch, ist nicht so groß wie die Gefahr, dass der Mensch so wird wie der Computer.

Alt 08.08.2012, 16:33   #9
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Standard

BUNDESTROJANER eingefangen! Was nun?



Zitat:
Zitat von Undertaker Beitrag anzeigen
moin moin,
das sieht doch garnicht schlecht aus.
Deine Daten hast Du gesichert.
Starte den Rechner mal normal, mal sehen ob er noch Auffälligkeiten zeigt.
Mache nochmal einen Scan mit OTL und poste das Logfile.

Volker


Hallo Volker,
hier das Logfile von OTL (ich hoffe, dass ich es richtig gemacht habe?):
Code:
ATTFilter
OTL logfile created on: 08.08.2012 17:25:38 - Run 3
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Jodi Jean\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,26% Memory free
6,20 Gb Paging File | 4,85 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,71 Gb Total Space | 175,11 Gb Free Space | 60,86% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 442,95 Gb Free Space | 95,10% Space Free | Partition Type: NTFS
 
Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.08 16:53:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.17 11:36:08 | 001,015,912 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update Common\VUAgent.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe
PRC - [2011.09.08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011.09.08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe
PRC - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgr.exe
PRC - [2009.01.19 13:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.12.22 00:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\LANUtil.exe
PRC - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\NSUService.exe
PRC - [2008.12.19 14:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMgr.exe
PRC - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMService.exe
PRC - [2008.12.18 11:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Programme\sony\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 12:26:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.15 23:27:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.15 23:27:20 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 16:57:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012.05.12 16:57:43 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012.05.12 16:57:40 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012.05.12 16:57:36 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012.05.12 16:57:35 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7d5061292d80e6d0856b4d6fd4e88b64\System.ServiceModel.ni.dll
MOD - [2012.05.12 16:13:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 16:11:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 16:09:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 16:09:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe
MOD - [2011.09.08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.04.02 12:13:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009.04.02 12:13:44 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.07 04:40:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 21:21:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.06 17:29:06 | 000,392,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2012.03.06 17:29:06 | 000,093,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2012.03.06 17:29:06 | 000,076,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.03.06 17:29:04 | 000,122,008 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2012.03.06 17:29:04 | 000,072,856 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.04.02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.03.05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.07.21 19:16:00 | 009,558,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.01.07 22:17:28 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.10.23 02:02:26 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 02:02:05 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{FEF36E3B-F768-4A7E-A590-DF7B1E9380CA}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}
IE - HKCU\..\SearchScopes\{9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 02:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.08 16:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.28 13:48:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.29 03:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions
[2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.06 13:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions
[2012.05.18 21:35:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions\ich@maltegoetz.de
[2011.12.21 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:21:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.28 15:19:39 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD30EF4-3D03-4B91-B3D1-BFEDBAE01B50}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400A0307-6EF0-4B69-96D8-4BE8BD574F68}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E27893-A70E-43A1-B92D-33895DB60DE1}: DhcpNameServer = 20.20.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0F77C7-90D8-4930-A204-89945BF863BC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C57B21-055C-4100-B24B-AB84EE0BFB4B}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.15 13:12:14 | 000,000,080 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell - "" = AutoRun
O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 16:53:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
[2012.08.08 01:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Roaming\Malwarebytes
[2012.08.08 01:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 01:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 01:08:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.08 01:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.06 13:37:15 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.07.20 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\ESET
[2012.07.12 21:21:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{6379D574-0B30-4640-8F71-AE8446A624B8}
[2012.07.12 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{DBC834F1-EF45-4D31-953A-70061A2DC1C7}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.08 16:54:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.08 16:54:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.08 16:54:28 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.08 16:54:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.08 16:53:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe
[2012.08.08 16:49:30 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.08 16:49:30 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.08 16:46:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 16:46:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 16:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 16:46:42 | 3218,055,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.08 02:55:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.08 02:40:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.08 01:08:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.08 00:46:44 | 000,001,356 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat
[2012.08.06 20:58:02 | 000,001,680 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.08.02 02:20:24 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2012.08.01 21:25:19 | 000,034,304 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.21 20:47:21 | 000,000,132 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.07.11 16:14:00 | 003,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.08 02:36:57 | 3218,055,168 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.08 01:08:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 19:22:37 | 000,010,567 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2012.06.22 19:17:08 | 000,203,129 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.06.08 00:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.01.23 22:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.01.15 10:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.27 22:49:10 | 000,001,680 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.12.02 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.01 00:31:58 | 000,034,304 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 21:10:51 | 000,001,356 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat
[2011.11.19 20:12:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.19 20:12:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.16 01:36:02 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.11.14 23:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Bytemobile
[2012.03.26 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.29 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.08.01 03:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\FileZilla
[2012.08.07 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\ICQ
[2012.02.05 03:22:12 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Image-Line
[2011.12.02 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.15 23:02:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Thunderbird
[2012.01.28 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\TomTom
[2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone
[2011.11.15 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone Mobile Connect
[2012.06.29 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Wacom
[2012.06.29 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.08.08 02:55:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964

< End of report >
         

Alt 22.08.2012, 20:41   #10
Queeny89
 
BUNDESTROJANER eingefangen! Was nun? - Frage

BUNDESTROJANER eingefangen! Was nun?



Hallo Volker,
bearbeitest du meinen Beitrag nicht mehr weiter oder wie soll ich das nun verstehen? Der Trojaner ist noch nicht weg :-/ wenn ich Email versende, dann bekommen die Leute es als "SPAM" zugeordnet, obwohl es davor so nicht war.

Was nun??

Lg Queeny

Antwort

Themen zu BUNDESTROJANER eingefangen! Was nun?
32 bit, abgesichterten, autokms, bundes, bundestrojaner, bundestrojaner eingefangen, daten, document, eingefangen, eset nod32, gefangen, gen, gesperrt, install.exe, ip-adresse, jdownloader, laptop, laptop gesperrt, modus, msiinstaller, nvidia update, nvstor.sys, officejet, required, runterladen, schritte, tablet, visual studio, vodafone, wichtige, wichtige daten



Ähnliche Themen: BUNDESTROJANER eingefangen! Was nun?


  1. Windows 8: Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 04.08.2015 (13)
  2. Neuster bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 17.09.2013 (9)
  3. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (10)
  4. Bundestrojaner eingefangen...
    Log-Analyse und Auswertung - 30.08.2013 (3)
  5. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 21.06.2013 (11)
  6. Bundestrojaner heute eingefangen
    Log-Analyse und Auswertung - 11.06.2013 (12)
  7. Bundestrojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (11)
  8. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (21)
  9. Bundestrojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (2)
  10. Bundestrojaner eingefangen :-(
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (7)
  11. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (19)
  12. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 16.07.2012 (1)
  13. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 13.07.2012 (9)
  14. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 13.03.2012 (11)
  15. Bundestrojaner eingefangen - 100€ zahlen?
    Log-Analyse und Auswertung - 08.03.2012 (1)
  16. Bundestrojaner heute eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (1)
  17. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 28.08.2011 (4)

Zum Thema BUNDESTROJANER eingefangen! Was nun? - Hallo, ich hab mich grad so sehr erschrocken , als mein Laptop gesperrt wurde. Habe ganz normale auf meinem Laptop gearbeitet und bei Google "Bildrückwärtssuche" gemacht, da mir ein Bild - BUNDESTROJANER eingefangen! Was nun?...
Archiv
Du betrachtest: BUNDESTROJANER eingefangen! Was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.