Trojaner-Board - auch sirefef.o auf dem Computer

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - auch sirefef.o auf dem Computer (https://www.trojaner-board.de/104511-sirefef-o-computer.html)

auch sirefef.o auf dem Computer

Hallo liebes trojaner-board

wurde auch vom sirefef.o infiziert. hab schon combofix angewendet. wollte euch zum überprüben die log datei schicken. Das internet scheint zu gehen, aber die AV software (inmeinem Fall SOphos) funktioniert nicht und lässt sich auch nicht mehr installierern. was machen?

Combofix Logfile:

Code:

ComboFix 11-10-26.03 - s.chaitidou 26.10.2011  12:51:22.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.2218 [GMT 2:00]

ausgeführt von:: c:\users\s.chaitidou\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

c:\users\s.chaitidou\AppData\Local\9a0a5ba7

c:\users\s.chaitidou\AppData\Local\9a0a5ba7\@

c:\users\s.chaitidou\AppData\Local\9a0a5ba7\U\80000000.@

c:\users\s.chaitidou\AppData\Local\9a0a5ba7\U\800000cb.@

c:\users\s.chaitidou\AppData\Local\9a0a5ba7\X

c:\windows\$NtUninstallKB15954$

c:\windows\$NtUninstallKB15954$\2584370087\@

c:\windows\$NtUninstallKB15954$\2584370087\L\qnbwvoto

c:\windows\$NtUninstallKB15954$\2584370087\loader.tlb

c:\windows\$NtUninstallKB15954$\2584370087\U\@00000001

c:\windows\$NtUninstallKB15954$\2584370087\U\@000000c0

c:\windows\$NtUninstallKB15954$\2584370087\U\@000000cb

c:\windows\$NtUninstallKB15954$\2584370087\U\@000000cf

c:\windows\$NtUninstallKB15954$\2584370087\U\@80000000

c:\windows\$NtUninstallKB15954$\2584370087\U\@800000c0

c:\windows\$NtUninstallKB15954$\2584370087\U\@800000cb

c:\windows\$NtUninstallKB15954$\2584370087\U\@800000cf

c:\windows\$NtUninstallKB15954$\3807079136

c:\windows\logboot_26.10.2011.tureg.log

c:\windows\system32\ 

c:\windows\system32\c_34734.nls

c:\windows\system32\drivers\ 

c:\windows\system32\Thumbs.db

c:\windows\unin0407.exe

.

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert 

Kopie von - The cat found it :) wurde wiederhergestellt 

Infizierte Kopie von c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Adobe!Photoshop Elements 6.0!PhotoshopElementsFileAgent.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Apple!Mobile Device Support!AppleMobileDeviceService.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Bonjour\mDNSResponder.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Bonjour!mDNSResponder.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\windows\system32\nvvsvc.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\System32\DriverStore\FileRepository\nvszq.inf_7b40d7be\nvvsvc.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Sophos!Sophos Anti-Virus!SAVAdminService.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Sophos\AutoUpdate\ALsvc.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.5.7\ALsvc.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!TuneUp Utilities 2011!TuneUpUtilitiesService32.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Sony\VAIO Event Service\VESMgr.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Sony!VAIO Event Service!VESMgr.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe wurde gefunden und desinfiziert 

Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Cisco!Cisco AnyConnect Secure Mobility Client!vpnagent.exe wurde wiederhergestellt 

.

Infizierte Kopie von c:\windows\system32\DRIVERS\xaudio.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\Drivers\EXE\Modem Driver (Conexant)\xaudio.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AFPANSI

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))

.

.

2011-10-26 11:09 . 2011-10-26 11:09        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{169226B9-4222-411F-BE88-593589126A5E}\offreg.dll

2011-10-26 11:07 . 2011-10-26 11:07        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-10-26 10:45 . 2009-04-11 04:45        185856        ----a-w-        c:\windows\system32\drivers\netbt.sys

2011-10-26 10:03 . 2011-10-26 10:03        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2011-10-26 09:37 . 2011-10-26 09:37        --------        d-----w-        c:\program files\SmartTweak Software

2011-10-26 09:12 . 2011-10-26 09:59        --------        d-----w-        c:\program files\FixMyRegistry

2011-10-26 09:11 . 2011-10-26 09:11        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\PackageAware

2011-10-26 07:02 . 2011-08-13 04:43        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

2011-10-25 13:00 . 2011-10-25 13:00        --------        d-----w-        c:\program files\Guitar Pro 5

2011-10-25 06:39 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{169226B9-4222-411F-BE88-593589126A5E}\mpengine.dll

2011-10-22 12:07 . 2011-10-22 12:36        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\memocard

2011-10-22 12:06 . 2011-10-22 12:42        --------        d-----w-        c:\program files\MemoCard

2011-10-22 12:06 . 2011-10-22 12:42        --------        d-----w-        c:\windows\uninstall

2011-10-22 10:44 . 2011-10-22 10:48        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\.anki

2011-10-20 22:36 . 2011-10-20 22:36        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\vlc

2011-10-13 19:18 . 2011-10-26 10:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2

2011-10-13 18:58 . 2011-08-25 16:15        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll

2011-10-13 18:58 . 2011-08-25 16:14        238080        ----a-w-        c:\windows\system32\oleacc.dll

2011-10-13 18:58 . 2011-08-25 16:14        563712        ----a-w-        c:\windows\system32\oleaut32.dll

2011-10-13 18:58 . 2011-08-25 13:31        4096        ----a-w-        c:\windows\system32\oleaccrc.dll

2011-10-12 13:19 . 2011-10-12 13:19        --------        d-----w-        c:\program files\iPod

2011-10-12 13:19 . 2011-10-12 13:21        --------        d-----w-        c:\program files\iTunes

2011-10-12 13:11 . 2011-10-26 11:06        --------        d-----w-        c:\program files\Bonjour

2011-10-12 09:13 . 2011-10-26 09:06        --------        d-----w-        c:\program files\Ask.com

2011-10-12 09:05 . 2011-10-12 09:05        --------        d-----w-        c:\program files\proSoft24

2011-10-12 09:05 . 2011-10-12 09:48        --------        d-----w-        c:\programdata\ProSoft24

2011-10-12 09:04 . 2011-10-12 09:49        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\Conduit

2011-10-10 12:08 . 2011-10-10 12:08        123680        ----a-w-        c:\windows\system32\drivers\savonaccess.sys

2011-09-30 15:49 . 2011-09-16 14:44        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-09-30 15:49 . 2011-09-16 14:44        29504        ----a-w-        c:\windows\system32\uxtuneup.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-26 09:03 . 2011-06-03 11:39        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 14:52 . 2011-05-19 16:55        31552        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-09-12 05:15 . 2011-03-18 18:06        30744        ----a-w-        c:\windows\system32\SophosBootTasks.exe

2011-09-12 05:14 . 2011-09-12 05:14        24312        ----a-w-        c:\windows\system32\drivers\sdcfilter.sys

2011-09-12 05:14 . 2011-09-12 05:14        31736        ----a-w-        c:\windows\system32\drivers\skmscan.sys

2011-09-12 05:14 . 2011-09-12 05:14        131824        ----a-w-        c:\windows\system32\sdccoinstaller.dll

2011-09-09 16:10 . 2011-09-09 16:10        10704        ----a-w-        c:\windows\system32\vpncategories.dll

2011-09-09 16:10 . 2011-09-09 16:10        33232        ----a-w-        c:\windows\system32\vpnevents.dll

2011-09-09 16:00 . 2011-09-09 16:00        23464        ----a-w-        c:\windows\system32\drivers\vpnva.sys

2011-09-09 15:59 . 2011-09-09 15:59        57000        ----a-r-        c:\windows\system32\drivers\acsmux.sys

2011-09-09 15:59 . 2011-09-09 15:59        38440        ----a-r-        c:\windows\system32\drivers\acsint.sys

2011-08-30 21:05 . 2011-08-30 21:05        83816        ----a-w-        c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05        73064        ----a-w-        c:\windows\system32\dnssd.dll

2011-09-30 06:50 . 2011-07-01 16:08        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-08-25 13:24        1515496        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-25 1515496]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-25 1515496]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1295656]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"Skytel"="Skytel.exe" [2008-06-23 1826816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-07 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-07 92704]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-09-12 494616]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-25 886760]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

c:\users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-15 16:04        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"

"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-09-12 99864]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-09-12 24312]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]

R4 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]

R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]

R4 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-03-02 22536]

R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]

R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-10-10 123680]

S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2011-09-12 31736]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-09-12 167960]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-10 1543704]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-16 1526080]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]

S3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-09-09 38440]

S3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-09-09 57000]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-05 29736]

S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-25 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

.

2011-10-23 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

.

2011-10-26 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

mStart Page = hxxp://de.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13

FF - prefs.js: network.proxy.type - 2

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe

HKCU-Run-FixMyRegistry - c:\program files\FixMyRegistry\FixMyRegistry.exe

AddRemove-PC-Bibliothek Express - c:\windows\unin0407.exe

.

.

.

**************************************************************************

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3816)

c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\btncopy.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WLANExt.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\windows\system32\conime.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-10-26  13:19:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-10-26 11:19

.

Vor Suchlauf: 15 Verzeichnis(se), 148.187.463.680 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 148.204.830.720 Bytes frei

.

- - End Of File - - 43DB5CD5E45B516F8DB9B097180513D5

--- --- ---

Warum führst du auf eigene Faust Combofix aus? Sind die Hinweise hier so leicht zu übersehen?!

http://www.trojaner-board.de/images/icons/icon4.gif Einen ganz klaren Hinweis gibt es zu http://www.trojaner-board.de/95175-combofix.html http://www.trojaner-board.de/images/icons/icon4.gif

Zitat:

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo Arne,

Dein Hinweis ist auf jeden Fall richtig, was mach ich jetzt am besten?
Computer formatieren? Der Windows Defender zeigt kein Problem mehr an. Was zurückgebliben ist, ist eine veränderte Schriftart (betrifft symbole, menus, internet, eigentlich alles) und dass ich die AV software nicht mehr instellieren kann

Zitat:

wurde auch vom sirefef.o infiziert.

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Das erste ist ' Installer besitzt keine ausreichende Berechtigungen, um diese Datei zu verändern: C:\Programm Files\Sophos\Sophos Anti-virus\SanServices.exe'

Das zweite 'Typbibliothek für Datei C:\Programm Files\Sophos\Sophos Anti-virus\SanServices.exe konnte nicht registriert werden. Bitte setzen Sie sich mir ihrem Supportpersonal in Verbindung.

und das dritte 'Sophos Antivirus konnte nicht installiert werden (Fehler 0x80041f09). Wenden sie sich an ihren Netzewrk Administrator'

dabei bin ich als Administrator angemeldet.

Soweit ich verstanden habe für sowieso nix an einer Formatierung vorbei oder? von dem her macht es ein Sinn noch zu versuchen das genze hin zu bekommen?

Zitat:

Soweit ich verstanden habe für sowieso nix an einer Formatierung vorbei oder?

Wenn man garantiert sich sein will - eine Bereinigung ist "nur" ein Kompromiss.
Was willst du jetzt? Neuinstallation oder Bereinigung?

Na ja, bereinigung wäre natürlich lieber, folgendem link ' hxxp://www.sophos.com/support/knowledgebase/article/13418.html
' kann man entnehmen dass wohl an den Berechtigungen in der Registrierung was verändert seien könnte

Ok, dann Bereinigung.
Dann poste auch bitte das Log über die Funde, vorhin hast du nur die Berechtigungsfehlermeldungen gepostet.

Ja, also dazu gibt es leider kein Log, diese Meldungen waren die einzigen, log wurde keins erstellt. mitlerweile denke ich werde alles formatieren um einfach sicher zu sein und alles richtig wieder herzustellen.
Was mich sehr beschäftigt ist folgendes. Kann ich jetzt davon ausgehen das nach anwendung von combofix der trojaner eliminiert wurde? Ich meine Windows defender der als erster den Trojaner erkannte gibt keine warnmeldung mehr und SPybot auch nicht.

Ich benutze das Safewallet als passwort manager. Ich habe aber keine passwörter eingegeben und auch gleich nach der installation vom trojaner was unternommen. Kann es sein in dieser kurzen Zeit das er wichtige daten weitergesendet hat?
Ist es würklich ein so gefährlicher trojaner? der macht sich sehr schnell bemerkbar im system und dass ist nicht von Vorteil für die Malware.

Und bevor ich es vergesse... Danke für die promte unterstützung! finde ich super!

Zitat:

Ja, also dazu gibt es leider kein Log, diese Meldungen waren die einzigen, log wurde keins erstellt.

Kann nicht sein, JEDER Virenscanner protokolliert die Funde!

Zitat:

Kann ich jetzt davon ausgehen das nach anwendung von combofix der trojaner eliminiert wurde?

Nein. 100% Sicherheit gibt es nicht.

Ah ok, dazu muss ich sagen der virenscanner hat den trojaner gar nicht erkannt, er wurde gleich außer Gefecht gesetzt. Danach( also nach combofix) hat der antivirus auch nicht funktioniert. Und jetzt läßt er sich nicht mehr installieren.

Zitat:

der virenscanner hat den trojaner gar nicht erkannt, er wurde gleich außer Gefecht gesetzt.

Diese Aussage ist ein Widerspruch in sich.
Wenn der Virenscanner ihn nicht erkannt hätte, wäre er auch nicht außer Gefecht gesetzt worden.
Der Virenscanner MUSS ihn gefunden haben, wer hat dir denn den Schädlingsnamen sonst verraten? :balla:

Windows defender hat ihn erkannt

Die entscheidene Frage ist wo. Und dass der Windows-Defender das war, hättest du auch mal ruhig eher erwähnen können. AFAIK steht das im Ereignisprotokoll was der Defender gefunden hat.

Es folgt das Log vom Defender

Fehler:
Code 0x80508017. Einige Aktionen konnten auf potenziell schädliche Elemente nicht angewendet werden. Die Elemente sind möglicherweise in einem schreibgeschützten Pfad gespeichert. Löschen Sie die Dateien oder Ordner, in denen die Elemente gespeichert sind, oder suchen Sie nach Informationen zum Entfernen des Schreibschutzes unter "Hilfe und Support".

Kategorie:
Trojaner

Beschreibung:
Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
process:
pid:14300

regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\9a0a5ba7

file:
C:\Windows\2807761562:1710597208.exe

Online weitere Informationen über dieses Element anzeigen

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

es folgt schon mal das log von malewarebytes, eset dauert noch ein bisschen.
soll ich die 3 dateien mit malewarebytes entfernen?

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8028

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

27.10.2011 12:52:35
mbam-log-2011-10-27 (12-52-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 463655
Laufzeit: 3 Stunde(n), 36 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\X.vir (Backdoor.0Access) -> No action taken.
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\U\80000000.@.vir (Spyware.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\U\800000cb.@.vir (Backdoor.0Access) -> No action taken.

Ja kann weg.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

es folgt die log datei nach der entfernung, andere gibt es nicht.

als nächstes werde ich mich mit eset befassen.

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8028

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

27.10.2011 14:34:59
mbam-log-2011-10-27 (14-34-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 463655
Laufzeit: 3 Stunde(n), 36 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\X.vir (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\U\80000000.@.vir (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\s.chaitidou\AppData\Local\9a0a5ba7\U\800000cb.@.vir (Backdoor.0Access) -> Quarantined and deleted successfully.

Ok, mach bitte mit ESET weiter

und das ist das log von eset. wie fahre ich am besten weiter?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7af2ea47af861742ba1d0ffc3aa5898d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 04:09:49
# local_time=2011-10-27 06:09:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 1663 157253446 0 0
# compatibility_mode=8192 67108863 100 0 213 213 0 0
# compatibility_mode=8449 16774142 33 2 1672 19622087 0 0
# scanned=298734
# found=13
# cleaned=0
# scan_time=11071
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sony\VAIO Event Service\VESMgr.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\AutoUpdate\ALsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\nvvsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\xaudio.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\s.chaitidou\Downloads\SoftonicDownloader_fuer_daxa-chart.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

was noch komisch ist, im papierkorb befinden sich dateien die ICH NICHT gelöscht habe, die aber auch noch im original zu finden sind. ist es eine Nebenwirkung vom Trojaner oder vom Combofix?

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

und jetzt otl...OTL Logfile:

Code:

OTL logfile created on: 27.10.2011 21:35:44 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\s.chaitidou\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,01% Memory free

6,19 Gb Paging File | 5,01 Gb Available in Paging File | 81,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,21 Gb Total Space | 135,69 Gb Free Space | 46,92% Space Free | Partition Type: NTFS

Drive G: | 298,02 Gb Total Space | 212,15 Gb Free Space | 71,19% Space Free | Partition Type: FAT32

 

Computer Name: SOUCHAITIDOU | User Name: s.chaitidou | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

PRC - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe

PRC - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2011.09.16 16:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

PRC - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.10.05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2004.09.08 13:45:58 | 000,368,128 | ---- | M] () -- C:\Programme\Filzip\fzshext.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (gusvc)

SRV - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)

SRV - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)

SRV - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)

SRV - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)

SRV - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2008.07.28 14:55:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2008.06.27 21:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)

SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2008.06.19 19:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)

SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)

SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)

SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.10.05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)

DRV - [2011.09.12 07:14:39 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)

DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)

DRV - [2011.09.09 17:59:19 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)

DRV - [2011.09.09 17:59:19 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2008.07.04 02:04:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2008.06.20 02:03:46 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2008.06.20 02:03:15 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008.06.07 02:12:59 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.06.07 02:03:46 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.2

FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz.de/"

FF - prefs.js..network.proxy.type: 2

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:50:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 10:43:57 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008.12.16 01:28:05 | 000,000,000 | ---D | M]

 

[2011.02.02 13:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Extensions

[2011.10.26 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions

[2011.10.16 18:18:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.10.25 10:03:14 | 000,000,000 | ---D | M] (SBSH SafeWallet FireFox Extension) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\sbshsafewallet@sbsh.net

[2011.07.02 13:28:43 | 000,002,399 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\askcom.xml

[2011.09.27 13:41:08 | 000,000,925 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\conduit.xml

[2011.08.13 09:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.04.03 21:34:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.08.13 09:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009.09.02 07:18:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.09.30 08:50:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.09.30 08:50:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.09.30 08:50:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.09.30 08:50:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.30 08:50:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.30 08:50:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.30 08:50:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.10.27 10:30:53 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        localhost

O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        Free Spyware | Cash Advance | Debt Consolidation | Insurance | Cell Phones at 0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 14939 more lines...

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

O4 - Startup: C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A99D5DC5-A0E5-4BA5-B946-AA9DECB81D95}: DhcpNameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1E672A-8DF7-4313-8E7A-D0EFDB9324B8}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sdnclean.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.10.27 21:32:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

[2011.10.27 15:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.10.27 14:59:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe

[2011.10.27 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes

[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.10.27 09:11:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.10.27 09:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.10.27 09:09:28 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe

[2011.10.26 16:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2011.10.26 16:52:03 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe

[2011.10.26 16:00:05 | 000,000,000 | ---D | C] -- C:\savw_97_sa

[2011.10.26 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\Documents\Backups

[2011.10.26 15:10:40 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.10.26 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 13:19:54 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\temp

[2011.10.26 13:10:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.10.26 13:07:12 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011.10.26 12:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.10.26 12:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.10.26 12:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.10.26 12:40:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.10.26 12:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.10.26 12:34:59 | 004,275,391 | R--- | C] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe

[2011.10.26 12:03:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2011.10.26 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTweak Software

[2011.10.26 11:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\FixMyRegistry

[2011.10.26 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\PackageAware

[2011.10.25 15:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5

[2011.10.25 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

[2011.10.22 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\memocard

[2011.10.22 14:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\MemoCard

[2011.10.22 14:06:44 | 000,000,000 | ---D | C] -- C:\Windows\uninstall

[2011.10.22 12:44:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2011.10.21 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\vlc

[2011.10.21 00:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.10.19 15:08:20 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011.10.13 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

[2011.10.12 15:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.10.12 15:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.10.12 15:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.10.12 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.10.12 11:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\proSoft24

[2011.10.12 11:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ProSoft24

[2011.10.12 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\Conduit

[2011.10.05 19:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2011.09.30 17:49:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.09.30 17:49:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

[2011.10.27 20:37:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.10.27 20:37:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011.10.27 14:59:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe

[2011.10.27 14:41:23 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.10.27 14:38:56 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.27 14:38:29 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011.10.27 14:38:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.27 14:37:39 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.10.27 14:37:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.10.27 14:37:28 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys

[2011.10.27 14:36:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.27 10:30:53 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.10.27 09:11:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.27 09:09:35 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe

[2011.10.26 16:52:07 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.10.26 16:06:44 | 000,036,176 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\3.jpg

[2011.10.26 16:05:41 | 000,038,295 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\2.jpg

[2011.10.26 16:03:05 | 000,038,140 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\1.jpg

[2011.10.26 14:38:15 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.10.26 14:38:15 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.10.26 14:38:15 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.10.26 14:38:15 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.10.26 14:21:50 | 000,025,773 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png

[2011.10.26 13:42:51 | 086,714,064 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe

[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

[2011.10.26 13:10:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111027-103053.backup

[2011.10.26 12:41:09 | 004,275,391 | R--- | M] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe

[2011.10.26 12:08:58 | 000,419,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.10.26 11:04:04 | 000,000,082 | ---- | M] () -- C:\Windows\System32\lexiko.ini

[2011.10.26 10:21:35 | 000,001,875 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk

[2011.10.25 15:01:07 | 000,000,741 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk

[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2011.10.22 17:20:53 | 000,000,927 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.10.21 00:36:00 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.16 18:18:09 | 000,001,191 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk

[2011.10.13 23:13:45 | 339,646,871 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.10.13 11:31:02 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2011.10.12 15:21:16 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.10.11 23:06:18 | 000,085,504 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.04 12:25:55 | 000,043,330 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Doktorarbeit Sarkome.enl

[2011.10.04 09:31:20 | 000,001,356 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat

[2011.09.30 09:12:04 | 000,002,192 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\FileMaker Pro - Verknüpfung.lnk

[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.10.27 09:11:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.26 16:52:17 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.26 16:52:07 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2011.10.26 16:52:07 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.10.26 16:06:44 | 000,036,176 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\3.jpg

[2011.10.26 16:05:41 | 000,038,295 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\2.jpg

[2011.10.26 16:03:05 | 000,038,140 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\1.jpg

[2011.10.26 14:21:50 | 000,025,773 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png

[2011.10.26 13:40:47 | 086,714,064 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe

[2011.10.26 12:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.10.26 12:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.10.26 12:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.10.26 12:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.10.26 12:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.10.26 10:21:05 | 000,001,875 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk

[2011.10.25 15:01:07 | 000,000,741 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk

[2011.10.22 17:20:53 | 000,000,927 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.10.21 00:36:00 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.16 18:18:09 | 000,001,191 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk

[2011.10.13 23:13:45 | 339,646,871 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.10.12 15:21:16 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.05.19 19:03:09 | 000,140,388 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.01.20 20:51:14 | 000,004,096 | -H-- | C] () -- C:\Users\s.chaitidou\AppData\Local\keyfile3.drm

[2010.10.24 23:00:24 | 000,000,082 | ---- | C] () -- C:\Windows\System32\lexiko.ini

[2010.10.20 20:07:08 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010.10.20 20:07:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7030.DAT

[2010.10.20 19:01:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini

[2010.08.13 23:09:42 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI

[2010.04.23 10:51:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.04.23 10:42:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.04.23 10:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.03.09 14:59:19 | 000,000,118 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\wklnhst.dat

[2009.01.15 20:34:36 | 000,085,504 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.02 04:06:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.11.29 18:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.11.23 13:27:02 | 000,001,356 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat

[2008.10.12 02:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2008.10.12 02:34:49 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

[2008.10.12 02:10:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008.07.28 21:59:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.07.28 12:57:50 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008.07.28 12:57:48 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008.07.28 12:48:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008.01.21 09:15:58 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,127,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,419,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 
 ========== LOP Check ==========

 

[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure

[2011.10.27 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox

[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft

[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote

[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker

[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0

[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet

[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings

[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template

[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software

[2011.10.27 14:38:56 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.27 14:36:12 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2010.10.21 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Adobe

[2011.08.13 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Apple Computer

[2008.12.02 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\ArcSoft

[2010.10.24 12:52:19 | 000,000,000 | R--D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Brother

[2010.01.26 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DivX

[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure

[2011.10.27 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox

[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft

[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote

[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker

[2008.11.29 18:05:51 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Google

[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0

[2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Identities

[2008.10.12 02:06:53 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\InstallShield

[2009.04.07 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Intel

[2008.10.12 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia

[2011.10.27 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Media Center Programs

[2011.09.19 22:53:50 | 000,000,000 | --SD | M] -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft

[2011.02.02 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla

[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet

[2011.01.25 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Skype

[2011.01.25 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\skypePM

[2010.08.05 16:40:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sony Corporation

[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings

[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template

[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software

[2011.10.21 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\vlc

[2008.12.16 01:28:17 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.05.25 22:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2010.08.05 16:22:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2008.10.12 02:18:36 | 000,010,134 | R--- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - File not found [On_Demand | Stopped] --  -- (gusvc)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2736476&SearchSource=13"

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - prefs.js..network.proxy.autoconfig_url: "http://pac.lrz.de/"

FF - prefs.js..network.proxy.type: 2

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2011.10.26 16:00:05 | 000,000,000 | ---D | C] -- C:\savw_97_sa

:Files

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Users\s.chaitidou\Downloads\SoftonicDownloader_fuer_daxa-chart.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

mir ist aufgefallen dass OTL gestern beim ersten Lauf eine 2. Log datei erstellt hat die ich gestern nicht gepostet habe. Für den Fall dass diese Datei wichtige Infos enthällt warte ich mit dem fix bist du sie überprüft hast. Tut mir leid dass ich es gestern übersehen habe.
Es folg die 2. log datei von OTL:OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 27.10.2011 21:35:44 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\s.chaitidou\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,01% Memory free

6,19 Gb Paging File | 5,01 Gb Available in Paging File | 81,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,21 Gb Total Space | 135,69 Gb Free Space | 46,92% Space Free | Partition Type: NTFS

Drive G: | 298,02 Gb Total Space | 212,15 Gb Free Space | 71,19% Space Free | Partition Type: FAT32

 

Computer Name: SOUCHAITIDOU | User Name: s.chaitidou | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01116938-7A80-4256-B225-71D417FE0163}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{0D4F14EB-70E9-4B69-94E9-54B275BCB73E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{117446E7-6B44-4990-BC9E-8245A6C8169B}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{1F2850E5-B542-4842-A126-47FE8668B58C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{2ED2620F-3904-41A9-A391-D46CA9A321F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3E4774BF-9A78-430C-B9BE-4101D391E57B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 

"{3E4A6BDB-00EC-4C60-9A44-4902DA251AA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{51742C59-B4F9-4684-990A-FD6048953FF4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{582F18E0-B10F-4C8B-BB6C-1F842F990C48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{6926FFAD-D90D-411B-939B-4EDC495F4F43}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{722A8259-614A-4D8D-ABC9-83AEDF62B0FC}" = lport=138 | protocol=17 | dir=in | app=system | 

"{74F94760-17B6-4646-ABBB-F3A184BA4643}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7598E14A-E722-4D33-99A7-D55C7F3A7E91}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7F70C0F2-9D9B-48CF-AF49-DB5056433988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8AB4373E-6693-4109-AFDF-4F252459AD9E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{9B64F3EF-F4A8-4007-9F71-34F32B370C48}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AF78C12F-4810-4565-B4E7-9CC7DEE243FE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{AFF271A7-6EF1-46A2-8C99-DF8FA33E1371}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{B2CD8249-BD9B-4C85-8392-ADD66F1A3053}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C0DD3B5A-6FC3-4317-9BF8-DE90B271823E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{C133BF0C-B963-4DB4-968D-618E8FEF41E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C574F5FE-BBFC-4722-9170-F3F38CFD8130}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C7DB25D5-CD8A-44EA-95A8-B013E0F20663}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{CA80781B-D48C-472B-8B50-3C121EFA51A0}" = rport=445 | protocol=6 | dir=out | app=system | 

"{D3723D8F-0B0B-444C-B078-C33779D437D3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{E9B37C03-C112-4261-8577-A97C81DC0792}" = lport=139 | protocol=6 | dir=in | app=system | 

"{FF9919DE-4319-4C02-88F8-5AB4B48CB762}" = rport=138 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11FAB305-F963-4A0F-ABF5-100FE5C78525}" = protocol=6 | dir=in | app=c:\users\s.chaitidou\appdata\roaming\dropbox\bin\dropbox.exe | 

"{14FD2E54-2222-4A66-9C15-967F39A1AE1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1F4F2894-E9D8-4319-9C94-DBD694D5274F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2A781A93-C7F1-468A-A937-56AB256C19EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{316528CE-5917-4D5A-89CE-E2DFE76473AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{39742E22-CDF9-4031-801B-CD57F3FF25A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{484211B2-3DFF-472F-A959-0DC7CCD88A00}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{4B912493-BAE2-4C6D-9B67-CD12C5078B2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{51A774DA-D4FA-4B85-AB7D-A194C5BAF073}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{61DCB444-7E42-4377-A175-7DBD4E48BFF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{75DC91AF-4437-4672-AC69-8784D7FF75A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{7AC71C8F-9FFC-4B98-B127-823DC10C16E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7C251DDD-DCBD-4AC2-97B7-F6043141876F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{82A168EB-C275-4181-81F9-20D302DB4659}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{91307CEA-D1BC-4CC4-94B7-81539C65D4BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{9428C7CD-998F-4F66-8820-4938453F4544}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{9A99A7F8-3806-433A-9468-F69DA477A5C9}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{9EA872F7-1EB4-41B6-9225-7665E979D7CB}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{A13FFB03-D596-4246-9984-34BFC3447FE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{AA81AF89-A5D2-4BE7-B626-7F60414B3481}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{ACC805AB-1C89-4358-A31F-9FAACD9C46DF}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe | 

"{BD2A821B-6CBD-4F4E-AA24-782044292105}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{BD3734E9-A84D-469F-9088-97B27BF44C5D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{C2A21A92-29C1-4EDF-887E-BA1E461EE588}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe | 

"{DE5392F8-1CD5-4EC2-8E3D-C005B32FC14C}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe | 

"{E77A6D84-EF95-40D0-83EC-908C252B21E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E95472C1-907F-4405-8CD3-576D72FEFC84}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{EAAB725D-E5EB-40B0-B5DA-ECC691B5B867}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{FAF8EAAF-4B51-4778-A7B7-3FCBD877ECCF}" = protocol=17 | dir=in | app=c:\users\s.chaitidou\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{1F1BB199-C3D2-4BD1-889F-14A0431A5ADA}C:\combofix\combofix-download.3xe" = protocol=6 | dir=in | app=c:\combofix\combofix-download.3xe | 

"TCP Query User{2A3D07A5-B8BB-4BC7-949B-B1124F68891B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{384AA211-71C8-4A4E-ACE3-10FC979CC873}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 

"TCP Query User{3DAF8A3B-D288-4464-A172-69B36056B530}C:\program files\spybot - search & destroy 2\sdwelcome.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdwelcome.exe | 

"TCP Query User{5BC53344-9135-4FF5-89D4-773493BFF365}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{66E0E402-0590-409A-8639-216309B25DB9}C:\program files\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdtray.exe | 

"TCP Query User{B94904FF-C354-4AA2-97F9-CA8511AEF649}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | 

"TCP Query User{D0AE2A1C-4CC3-452F-B4FE-FA40762DB474}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe | 

"TCP Query User{D17123E4-C566-47F8-9B4D-EE24D492A66A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{DEA9DF74-35AF-4728-BC42-3FCF18393993}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"UDP Query User{2C4275F1-EFF7-4602-BC4B-170873DAB41D}C:\program files\spybot - search & destroy 2\sdwelcome.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdwelcome.exe | 

"UDP Query User{48C8BE3E-0835-43A6-85C7-45437249EDBD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{5D2FAF3F-863B-4EDD-8982-D9496182A8F4}C:\combofix\combofix-download.3xe" = protocol=17 | dir=in | app=c:\combofix\combofix-download.3xe | 

"UDP Query User{621D1F77-7732-42E4-BBB7-26E8CFD01F24}C:\program files\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdtray.exe | 

"UDP Query User{6C6EAEFB-78D3-4086-B3BD-0E3408581E42}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 

"UDP Query User{8CBCC891-B82A-43B5-9F26-5310305C38BF}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"UDP Query User{9A6AB610-2CFD-4E3F-9A30-FB157E156066}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe | 

"UDP Query User{E23C5621-87F6-4762-AF1E-19DFB98E8D72}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | 

"UDP Query User{F8421618-2661-46C6-9FA4-BCA6684E5374}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{FD0CCE4A-7320-4FCD-898F-BCA037D1E59D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud

"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie

"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6

"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide

"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail

"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 

"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting

"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer

"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4

"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch

"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2

"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus

"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter

"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100

"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio

"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync

"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting

"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion

"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.6 Standard

"Adobe Acrobat  8 Standard - English, Français, Deutsch_816" = Adobe Acrobat 8.1.6 - CPSID_49167

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"Allway Sync_is1" = Allway Sync version 11.4.0

"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = HDAUDIO Soft Data Fax Modem with SmartCP

"dt icon module" = 

"ESET Online Scanner" = ESET Online Scanner v3

"Filzip 3.0.6.93_is1" = Filzip 3.06

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free Studio_is1" = Free Studio version 5.2.0

"Free YouTube Download_is1" = Free YouTube Download 2.9

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923

"GCH Guitar academy" = GCH Guitar academy

"gtfirstboot Setting Request" = 

"Guitar Pro 5_is1" = Guitar Pro 5.2

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300

"MarketingTools" = VAIO Marketing Tools

"MFU Module" = 

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.SingleImage" = Microsoft Office Professional 2010

"ProInst" = Intel PROSet Wireless

"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper

"SafeWallet" = SBSH SafeWallet

"Squeezebox Server_is1" = Squeezebox Server 7.6.1

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TuneUp Utilities 2011" = TuneUp Utilities 2011

"Uninstall_is1" = Uninstall 1.0.0.1

"VAIO Help and Support" = 

"VLC media player" = VLC media player 1.1.11

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"PokerOffice5" = PokerOffice (remove only)

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 24.02.2011 08:48:45 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 51558986

 

Error - 24.02.2011 08:48:46 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 24.02.2011 08:48:46 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 51560203

 

Error - 24.02.2011 08:48:46 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 51560203

 

Error - 24.02.2011 08:48:47 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 24.02.2011 08:48:47 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 51561295

 

Error - 24.02.2011 08:48:47 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 51561295

 

Error - 24.02.2011 08:48:49 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 24.02.2011 08:48:49 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 51563136

 

Error - 24.02.2011 08:48:49 | Computer Name = souchaitidou | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 51563136

 

[ Cisco AnyConnect Secure Mobility Client Events ]

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 

2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647

 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 

2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647

 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp

Line:

 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196

 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:

 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196

 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933

Invoked

 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895

Invoked

 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp

Line:

 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)

Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 27.10.2011 15:01:23 | Computer Name = souchaitidou | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 

5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)

Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

[ System Events ]

Error - 26.10.2011 08:25:22 | Computer Name = souchaitidou | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 26.10.2011 08:30:08 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 26.10.2011 10:05:50 | Computer Name = souchaitidou | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 26.10.2011 15:57:48 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 27.10.2011 08:38:23 | Computer Name = souchaitidou | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 27.10.2011 08:39:23 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 27.10.2011 10:59:25 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 27.10.2011 13:48:08 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 27.10.2011 15:01:28 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 27.10.2011 15:01:29 | Computer Name = souchaitidou | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

 

< End of report >

--- --- ---

Schon ok, mach bitte den Fix

Also, paar minuten nach dem Starten des Fix kamm eine Meldung von Windows dass das Programm nicht richtig funktioniere und es wurde geschloßen. Danach war auf dem Bildschirm nix mehr zu sehen aus der Hintergrund. Nach einem Reboot sieht alles wieder normal aus. folgende Text Datei hab ich gefunden wahrscheinlich von OTL

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Wiederhol den Fix bitte

selbes Problem wie vorhin, jetzt auf dem Desktop halber Dutzend durchsichtige Dateien die mit ~$ anfangen und dort eigentlich nix zu suchen haben.

Internet seiten wie Wikipaedia oder Spiegel online sehen ganz ungewöhlich strukturiert aus, mit fehlenden bilden und rubriken

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Mach danach wieder ein neues OTL-Log.

Also wie schon erwähn das Antivirus (Sophos) hat bei mir nach dem Trojanerbefall nicht mehr funktioniert. Beim Versuch es zu deinstallieren bleiben manche Dateien üblrig die sich nicht löschen lassen. Das Programm lässt sich auch nicht neu installieren, angeblich Berechtigungsprobleme.
Die Zip datei habe ich hochgeladen und einen neuen Quickscan mit OTL durchgeführt.
Es folgt das Log:OTL Logfile:

Code:

OTL logfile created on: 28.10.2011 15:55:49 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\s.chaitidou\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,12% Memory free

6,19 Gb Paging File | 5,07 Gb Available in Paging File | 81,93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,21 Gb Total Space | 137,47 Gb Free Space | 47,53% Space Free | Partition Type: NTFS

 

Computer Name: SOUCHAITIDOU | User Name: s.chaitidou | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

PRC - [2011.10.05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe

PRC - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2011.09.16 16:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

PRC - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.10.05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2011.04.20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll

MOD - [2006.10.01 21:49:16 | 000,389,120 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)

SRV - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)

SRV - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)

SRV - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)

SRV - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2008.07.28 14:55:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2008.06.27 21:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)

SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2008.06.19 19:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)

SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)

SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)

SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.10.05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)

DRV - [2011.09.12 07:14:39 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)

DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)

DRV - [2011.09.09 17:59:19 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)

DRV - [2011.09.09 17:59:19 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2008.07.04 02:04:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2008.06.20 02:03:46 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2008.06.20 02:03:15 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008.06.07 02:12:59 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.06.07 02:03:46 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:50:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 10:43:57 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008.12.16 01:28:05 | 000,000,000 | ---D | M]

 

[2011.02.02 13:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Extensions

[2011.10.26 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions

[2011.10.16 18:18:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.10.25 10:03:14 | 000,000,000 | ---D | M] (SBSH SafeWallet FireFox Extension) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\sbshsafewallet@sbsh.net

[2011.07.02 13:28:43 | 000,002,399 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\askcom.xml

[2011.09.27 13:41:08 | 000,000,925 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\conduit.xml

[2011.08.13 09:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.04.03 21:34:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.08.13 09:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009.09.02 07:18:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.09.30 08:50:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.09.30 08:50:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.09.30 08:50:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.09.30 08:50:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.30 08:50:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.30 08:50:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.30 08:50:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.10.27 10:30:53 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        localhost

O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        Scan | Free Anti Virus | Bitdefender | Malware | Avast | Avg | Spyware Removal | Adware at 0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 14939 more lines...

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

O4 - Startup: C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0FA6DF-2DBD-49AF-AA28-B4DA2BA7C1E2}: Domain = uni-muenchen.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0FA6DF-2DBD-49AF-AA28-B4DA2BA7C1E2}: NameServer = 10.156.33.53,129.187.5.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A99D5DC5-A0E5-4BA5-B946-AA9DECB81D95}: DhcpNameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1E672A-8DF7-4313-8E7A-D0EFDB9324B8}: DhcpNameServer = 138.245.16.100 138.245.175.249

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sdnclean.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.10.28 12:16:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.10.27 21:32:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

[2011.10.27 15:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.10.27 14:59:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe

[2011.10.27 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes

[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.10.27 09:11:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.10.27 09:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.10.27 09:09:28 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe

[2011.10.26 16:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2011.10.26 16:52:03 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe

[2011.10.26 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\Documents\Backups

[2011.10.26 15:10:40 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.10.26 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 13:19:54 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\temp

[2011.10.26 13:10:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.10.26 13:07:12 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011.10.26 12:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.10.26 12:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.10.26 12:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.10.26 12:40:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.10.26 12:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.10.26 12:34:59 | 004,275,391 | R--- | C] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe

[2011.10.26 12:03:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2011.10.26 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTweak Software

[2011.10.26 11:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\FixMyRegistry

[2011.10.26 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\PackageAware

[2011.10.25 15:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5

[2011.10.25 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

[2011.10.22 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\memocard

[2011.10.22 14:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\MemoCard

[2011.10.22 14:06:44 | 000,000,000 | ---D | C] -- C:\Windows\uninstall

[2011.10.22 12:44:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2011.10.21 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\vlc

[2011.10.21 00:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.10.19 15:08:20 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011.10.13 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

[2011.10.12 15:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.10.12 15:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.10.12 15:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.10.12 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.10.12 11:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\proSoft24

[2011.10.12 11:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ProSoft24

[2011.10.12 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\Conduit

[2011.10.05 19:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2011.09.30 17:49:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.09.30 17:49:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.28 15:46:43 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.10.28 15:46:43 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.10.28 15:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.10.28 15:00:33 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011.10.28 14:57:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.28 14:55:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011.10.28 14:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.10.28 14:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.10.28 14:55:35 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys

[2011.10.28 14:54:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe

[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011.10.27 14:59:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe

[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.27 10:30:53 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.10.27 09:11:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.27 09:09:35 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe

[2011.10.26 16:52:07 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.10.26 16:06:44 | 000,036,176 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\3.jpg

[2011.10.26 16:05:41 | 000,038,295 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\2.jpg

[2011.10.26 16:03:05 | 000,038,140 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\1.jpg

[2011.10.26 14:38:15 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.10.26 14:38:15 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.10.26 14:38:15 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.10.26 14:38:15 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.10.26 14:21:50 | 000,025,773 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png

[2011.10.26 13:42:51 | 086,714,064 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe

[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

[2011.10.26 13:10:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111027-103053.backup

[2011.10.26 12:41:09 | 004,275,391 | R--- | M] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe

[2011.10.26 12:08:58 | 000,419,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.10.26 11:04:04 | 000,000,082 | ---- | M] () -- C:\Windows\System32\lexiko.ini

[2011.10.26 10:21:35 | 000,001,875 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk

[2011.10.25 15:01:07 | 000,000,741 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk

[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2011.10.22 17:20:53 | 000,000,927 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.10.21 00:36:00 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.16 18:18:09 | 000,001,191 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk

[2011.10.13 23:13:45 | 339,646,871 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.10.13 11:31:02 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2011.10.12 15:21:16 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.10.11 23:06:18 | 000,085,504 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.04 12:25:55 | 000,043,330 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Doktorarbeit Sarkome.enl

[2011.10.04 09:31:20 | 000,001,356 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat

[2011.09.30 09:12:04 | 000,002,192 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\FileMaker Pro - Verknüpfung.lnk

[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.10.27 09:11:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.26 16:52:17 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.26 16:52:07 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2011.10.26 16:52:07 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.10.26 16:06:44 | 000,036,176 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\3.jpg

[2011.10.26 16:05:41 | 000,038,295 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\2.jpg

[2011.10.26 16:03:05 | 000,038,140 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\1.jpg

[2011.10.26 14:21:50 | 000,025,773 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png

[2011.10.26 13:40:47 | 086,714,064 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe

[2011.10.26 12:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.10.26 12:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.10.26 12:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.10.26 12:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.10.26 12:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.10.26 10:21:05 | 000,001,875 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk

[2011.10.25 15:01:07 | 000,000,741 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk

[2011.10.22 17:20:53 | 000,000,927 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.10.21 00:36:00 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.16 18:18:09 | 000,001,191 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk

[2011.10.13 23:13:45 | 339,646,871 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.10.12 15:21:16 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.05.19 19:03:09 | 000,140,388 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.01.20 20:51:14 | 000,004,096 | -H-- | C] () -- C:\Users\s.chaitidou\AppData\Local\keyfile3.drm

[2010.10.24 23:00:24 | 000,000,082 | ---- | C] () -- C:\Windows\System32\lexiko.ini

[2010.10.20 20:07:08 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010.10.20 20:07:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7030.DAT

[2010.10.20 19:01:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini

[2010.08.13 23:09:42 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI

[2010.04.23 10:51:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.04.23 10:42:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.04.23 10:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.03.09 14:59:19 | 000,000,118 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\wklnhst.dat

[2009.01.15 20:34:36 | 000,085,504 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.02 04:06:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.11.29 18:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.11.23 13:27:02 | 000,001,356 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat

[2008.10.12 02:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2008.10.12 02:34:49 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

[2008.10.12 02:10:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008.07.28 21:59:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.07.28 12:57:50 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008.07.28 12:57:48 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008.07.28 12:48:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008.01.21 09:15:58 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,127,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,419,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 
 ========== LOP Check ==========

 

[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure

[2011.10.28 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox

[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft

[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote

[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker

[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0

[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet

[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings

[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template

[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software

[2011.10.28 14:57:04 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

[2011.10.28 14:54:33 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki

[2010.10.21 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Adobe

[2011.08.13 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Apple Computer

[2008.12.02 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\ArcSoft

[2010.10.24 12:52:19 | 000,000,000 | R--D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Brother

[2010.01.26 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DivX

[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure

[2011.10.28 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox

[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft

[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote

[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker

[2008.11.29 18:05:51 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Google

[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0

[2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Identities

[2008.10.12 02:06:53 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\InstallShield

[2009.04.07 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Intel

[2008.10.12 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia

[2011.10.27 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Media Center Programs

[2011.09.19 22:53:50 | 000,000,000 | --SD | M] -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft

[2011.02.02 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla

[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking

[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs

[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet

[2011.01.25 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Skype

[2011.01.25 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\skypePM

[2010.08.05 16:40:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sony Corporation

[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings

[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template

[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software

[2011.10.21 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\vlc

[2008.12.16 01:28:17 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.05.25 22:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2010.08.05 16:22:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2008.10.12 02:18:36 | 000,010,134 | R--- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

 
 <           >
 

< End of report >

--- --- ---

Ich glaub die Datei war zu groß. Lad sie bitte mal hier hoch => File-Upload.net - Ihr kostenloser File Hoster! und verlink es hier

Datei wurde hochgeladen

download link: File-Upload.net - MovedFiles.zip

Das ist keine Verlinkung. Du musst den kompletten Link posten. Mach aus einem http ein hxxp bitte

[danke ich hab die Datei, mach den Link jetzt unkenntliche falls was Persönliches dabei sein sollte //cosinus ]

Kennst du diesen Ordner auf C: => savw_97_sa

Den hab ich versehentlich mitgelöscht, ich denke das ist was Legitimes.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

was du gelöscht hast ist nicht schlimm, das ist von sophos antivirus, was sich eh nicht installieren lässt

TDSS Killer Report:

10:09:58.0968 5768 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
10:10:00.0971 5768 ============================================================
10:10:00.0972 5768 Current date / time: 2011/10/29 10:10:00.0971
10:10:00.0972 5768 SystemInfo:
10:10:00.0972 5768
10:10:00.0972 5768 OS Version: 6.0.6002 ServicePack: 2.0
10:10:00.0972 5768 Product type: Workstation
10:10:00.0972 5768 ComputerName: SOUCHAITIDOU
10:10:00.0975 5768 UserName: s.chaitidou
10:10:00.0975 5768 Windows directory: C:\Windows
10:10:00.0975 5768 System windows directory: C:\Windows
10:10:00.0975 5768 Processor architecture: Intel x86
10:10:00.0975 5768 Number of processors: 2
10:10:00.0975 5768 Page size: 0x1000
10:10:00.0975 5768 Boot type: Normal boot
10:10:00.0975 5768 ============================================================
10:10:01.0649 5768 Initialize success
10:12:09.0475 2068 ============================================================
10:12:09.0475 2068 Scan started
10:12:09.0475 2068 Mode: Manual; SigCheck; TDLFS;
10:12:09.0475 2068 ============================================================
10:12:09.0880 2068 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:12:10.0068 2068 ACPI - ok
10:12:10.0520 2068 acsint (c0a9a0be382321a7a6adfcc4b305f062) C:\Windows\system32\DRIVERS\acsint.sys
10:12:10.0567 2068 acsint - ok
10:12:10.0692 2068 acsmux (9d4b043fa3a628c6f0d56954a71cd726) C:\Windows\system32\DRIVERS\acsmux.sys
10:12:10.0723 2068 acsmux - ok
10:12:10.0863 2068 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:12:10.0894 2068 adp94xx - ok
10:12:11.0394 2068 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:12:11.0425 2068 adpahci - ok
10:12:12.0158 2068 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:12:12.0174 2068 adpu160m - ok
10:12:13.0032 2068 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:12:13.0047 2068 adpu320 - ok
10:12:14.0014 2068 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:12:14.0155 2068 AFD - ok
10:12:14.0888 2068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:12:14.0919 2068 agp440 - ok
10:12:15.0106 2068 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:12:15.0122 2068 aic78xx - ok
10:12:15.0309 2068 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:12:15.0325 2068 aliide - ok
10:12:15.0512 2068 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:12:15.0543 2068 amdagp - ok
10:12:15.0699 2068 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:12:15.0730 2068 amdide - ok
10:12:15.0886 2068 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:12:16.0058 2068 AmdK7 - ok
10:12:16.0386 2068 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:12:16.0479 2068 AmdK8 - ok
10:12:16.0729 2068 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:12:16.0744 2068 arc - ok
10:12:16.0916 2068 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:12:16.0932 2068 arcsas - ok
10:12:17.0119 2068 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:12:17.0212 2068 AsyncMac - ok
10:12:17.0446 2068 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
10:12:17.0478 2068 atapi - ok
10:12:17.0836 2068 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
10:12:17.0961 2068 athr - ok
10:12:18.0195 2068 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:12:18.0273 2068 Beep - ok
10:12:18.0476 2068 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:12:18.0554 2068 blbdrive - ok
10:12:18.0788 2068 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:12:18.0850 2068 bowser - ok
10:12:18.0975 2068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:12:19.0116 2068 BrFiltLo - ok
10:12:19.0240 2068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:12:19.0318 2068 BrFiltUp - ok
10:12:19.0365 2068 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:12:19.0615 2068 Brserid - ok
10:12:19.0818 2068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:12:19.0974 2068 BrSerWdm - ok
10:12:20.0114 2068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:12:20.0254 2068 BrUsbMdm - ok
10:12:20.0754 2068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:12:20.0878 2068 BrUsbSer - ok
10:12:21.0159 2068 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
10:12:21.0222 2068 BthEnum - ok
10:12:21.0331 2068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:12:21.0487 2068 BTHMODEM - ok
10:12:21.0783 2068 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
10:12:21.0877 2068 BthPan - ok
10:12:22.0173 2068 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
10:12:22.0267 2068 BTHPORT - ok
10:12:22.0438 2068 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
10:12:22.0485 2068 BTHUSB - ok
10:12:22.0688 2068 btwaudio (ed97cd06ef748004b8aac56c2d0aa5db) C:\Windows\system32\drivers\btwaudio.sys
10:12:22.0719 2068 btwaudio - ok
10:12:22.0875 2068 btwavdt (4871b5ed4757197135ff65be61da44b3) C:\Windows\system32\drivers\btwavdt.sys
10:12:22.0891 2068 btwavdt - ok
10:12:23.0062 2068 btwl2cap (6af9fd2aeebdc16a98d3e30e68440c5c) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:12:23.0078 2068 btwl2cap - ok
10:12:23.0203 2068 btwrchid (f5da7df99cf11fcb68e2bea12002f63a) C:\Windows\system32\DRIVERS\btwrchid.sys
10:12:23.0218 2068 btwrchid - ok
10:12:23.0234 2068 catchme - ok
10:12:23.0281 2068 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:12:23.0343 2068 cdfs - ok
10:12:23.0530 2068 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:12:23.0608 2068 cdrom - ok
10:12:23.0764 2068 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:12:23.0842 2068 circlass - ok
10:12:23.0967 2068 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:12:23.0983 2068 CLFS - ok
10:12:24.0186 2068 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:12:24.0264 2068 CmBatt - ok
10:12:24.0420 2068 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:12:24.0435 2068 cmdide - ok
10:12:24.0638 2068 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:12:24.0654 2068 Compbatt - ok
10:12:24.0794 2068 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:12:24.0810 2068 crcdisk - ok
10:12:24.0872 2068 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:12:24.0966 2068 Crusoe - ok
10:12:25.0059 2068 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
10:12:25.0106 2068 CVirtA - ok
10:12:25.0324 2068 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:12:25.0402 2068 DfsC - ok
10:12:25.0683 2068 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:12:25.0699 2068 disk - ok
10:12:25.0855 2068 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
10:12:25.0870 2068 DMICall - ok
10:12:26.0026 2068 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
10:12:26.0042 2068 DNE - ok
10:12:26.0260 2068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:12:26.0354 2068 drmkaud - ok
10:12:26.0588 2068 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:12:26.0650 2068 DXGKrnl - ok
10:12:26.0760 2068 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:12:26.0838 2068 E1G60 - ok
10:12:26.0994 2068 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:12:27.0025 2068 Ecache - ok
10:12:27.0306 2068 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:12:27.0352 2068 elxstor - ok
10:12:27.0586 2068 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:12:27.0664 2068 ErrDev - ok
10:12:27.0820 2068 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:12:27.0945 2068 exfat - ok
10:12:28.0132 2068 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:12:28.0195 2068 fastfat - ok
10:12:28.0351 2068 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:12:28.0429 2068 fdc - ok
10:12:28.0585 2068 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:12:28.0616 2068 FileInfo - ok
10:12:28.0678 2068 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:12:28.0756 2068 Filetrace - ok
10:12:28.0944 2068 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:12:29.0006 2068 flpydisk - ok
10:12:29.0224 2068 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:12:29.0271 2068 FltMgr - ok
10:12:29.0474 2068 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:12:29.0536 2068 Fs_Rec - ok
10:12:29.0677 2068 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:12:29.0692 2068 gagp30kx - ok
10:12:29.0880 2068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:12:29.0895 2068 GEARAspiWDM - ok
10:12:30.0051 2068 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:12:30.0192 2068 HdAudAddService - ok
10:12:30.0535 2068 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:12:30.0706 2068 HDAudBus - ok
10:12:30.0894 2068 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:12:31.0018 2068 HidBth - ok
10:12:31.0252 2068 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:12:31.0330 2068 HidIr - ok
10:12:31.0455 2068 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:12:31.0533 2068 HidUsb - ok
10:12:31.0689 2068 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:12:31.0705 2068 HpCISSs - ok
10:12:32.0001 2068 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:12:32.0095 2068 HSFHWAZL - ok
10:12:32.0344 2068 HSF_DPV (888d170d7fe1f2ab09ed72da4cbd32d1) C:\Windows\system32\DRIVERS\HSX_DPV.sys
10:12:32.0454 2068 HSF_DPV - ok
10:12:32.0766 2068 HSXHWAZL (6734b167529a3542849ccdfeb49ee9f2) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
10:12:32.0812 2068 HSXHWAZL - ok
10:12:33.0015 2068 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:12:33.0109 2068 HTTP - ok
10:12:33.0296 2068 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:12:33.0327 2068 i2omp - ok
10:12:33.0655 2068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:12:33.0717 2068 i8042prt - ok
10:12:33.0904 2068 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
10:12:33.0936 2068 iaStor - ok
10:12:34.0138 2068 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:12:34.0170 2068 iaStorV - ok
10:12:34.0341 2068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:12:34.0372 2068 iirsp - ok
10:12:34.0840 2068 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
10:12:34.0965 2068 IntcAzAudAddService - ok
10:12:35.0199 2068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:12:35.0215 2068 intelide - ok
10:12:35.0386 2068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:12:35.0464 2068 intelppm - ok
10:12:35.0667 2068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:12:35.0761 2068 IpFilterDriver - ok
10:12:36.0026 2068 IpInIp - ok
10:12:36.0244 2068 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:12:36.0307 2068 IPMIDRV - ok
10:12:36.0510 2068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:12:36.0588 2068 IPNAT - ok
10:12:36.0775 2068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:12:36.0853 2068 IRENUM - ok
10:12:37.0056 2068 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:12:37.0071 2068 isapnp - ok
10:12:37.0258 2068 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:12:37.0290 2068 iScsiPrt - ok
10:12:37.0477 2068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:12:37.0492 2068 iteatapi - ok
10:12:37.0726 2068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:12:37.0758 2068 iteraid - ok
10:12:37.0898 2068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:12:37.0929 2068 kbdclass - ok
10:12:37.0960 2068 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
10:12:38.0038 2068 kbdhid - ok
10:12:38.0179 2068 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
10:12:38.0226 2068 KMWDFILTER - ok
10:12:38.0553 2068 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:12:38.0600 2068 KSecDD - ok
10:12:38.0865 2068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:12:38.0974 2068 lltdio - ok
10:12:39.0146 2068 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:12:39.0177 2068 LSI_FC - ok
10:12:39.0193 2068 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:12:39.0208 2068 LSI_SAS - ok
10:12:39.0240 2068 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:12:39.0255 2068 LSI_SCSI - ok
10:12:39.0396 2068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:12:39.0427 2068 luafv - ok
10:12:39.0739 2068 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
10:12:39.0754 2068 MBAMProtector - ok
10:12:39.0832 2068 MBAMSwissArmy - ok
10:12:39.0879 2068 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:12:39.0926 2068 mdmxsdk - ok
10:12:39.0973 2068 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:12:40.0004 2068 megasas - ok
10:12:40.0098 2068 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:12:40.0160 2068 MegaSR - ok
10:12:40.0222 2068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:12:40.0300 2068 Modem - ok
10:12:40.0378 2068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:12:40.0472 2068 monitor - ok
10:12:40.0519 2068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:12:40.0550 2068 mouclass - ok
10:12:40.0612 2068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:12:40.0690 2068 mouhid - ok
10:12:40.0722 2068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:12:40.0753 2068 MountMgr - ok
10:12:40.0784 2068 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:12:40.0815 2068 mpio - ok
10:12:40.0862 2068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:12:40.0909 2068 mpsdrv - ok
10:12:40.0987 2068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:12:41.0002 2068 Mraid35x - ok
10:12:41.0080 2068 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:12:41.0143 2068 MRxDAV - ok
10:12:41.0221 2068 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:12:41.0299 2068 mrxsmb - ok
10:12:41.0392 2068 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:12:41.0439 2068 mrxsmb10 - ok
10:12:41.0517 2068 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:12:41.0564 2068 mrxsmb20 - ok
10:12:41.0673 2068 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:12:41.0673 2068 msahci - ok
10:12:41.0736 2068 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:12:41.0751 2068 msdsm - ok
10:12:41.0798 2068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:12:41.0845 2068 Msfs - ok
10:12:41.0892 2068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:12:41.0907 2068 msisadrv - ok
10:12:42.0001 2068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:12:42.0063 2068 MSKSSRV - ok
10:12:42.0126 2068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:12:42.0172 2068 MSPCLOCK - ok
10:12:42.0250 2068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:12:42.0297 2068 MSPQM - ok
10:12:42.0375 2068 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:12:42.0391 2068 MsRPC - ok
10:12:42.0484 2068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:12:42.0500 2068 mssmbios - ok
10:12:42.0562 2068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:12:42.0625 2068 MSTEE - ok
10:12:42.0672 2068 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:12:42.0703 2068 Mup - ok
10:12:42.0781 2068 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:12:42.0828 2068 NativeWifiP - ok
10:12:42.0921 2068 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:12:42.0984 2068 NDIS - ok
10:12:43.0062 2068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:12:43.0124 2068 NdisTapi - ok
10:12:43.0202 2068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:12:43.0280 2068 Ndisuio - ok
10:12:43.0374 2068 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:12:43.0420 2068 NdisWan - ok
10:12:43.0514 2068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:12:43.0561 2068 NDProxy - ok
10:12:43.0639 2068 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
10:12:43.0701 2068 Netaapl - ok
10:12:43.0779 2068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:12:43.0842 2068 NetBIOS - ok
10:12:43.0966 2068 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:12:44.0029 2068 netbt - ok
10:12:44.0247 2068 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
10:12:44.0528 2068 NETw5v32 - ok
10:12:44.0653 2068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:12:44.0668 2068 nfrd960 - ok
10:12:44.0715 2068 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:12:44.0762 2068 Npfs - ok
10:12:44.0887 2068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:12:44.0949 2068 nsiproxy - ok
10:12:45.0027 2068 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:12:45.0074 2068 Ntfs - ok
10:12:45.0199 2068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:12:45.0308 2068 ntrigdigi - ok
10:12:45.0355 2068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:12:45.0448 2068 Null - ok
10:12:45.0745 2068 nvlddmkm (f5365b576e1f3ec9aec37b1aacada179) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:12:46.0072 2068 nvlddmkm - ok
10:12:46.0213 2068 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:12:46.0228 2068 nvraid - ok
10:12:46.0275 2068 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:12:46.0306 2068 nvstor - ok
10:12:46.0400 2068 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:12:46.0431 2068 nv_agp - ok
10:12:46.0447 2068 NwlnkFlt - ok
10:12:46.0462 2068 NwlnkFwd - ok
10:12:46.0509 2068 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:12:46.0540 2068 ohci1394 - ok
10:12:46.0696 2068 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:12:46.0821 2068 Parport - ok
10:12:46.0868 2068 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:12:46.0868 2068 partmgr - ok
10:12:46.0977 2068 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:12:47.0118 2068 Parvdm - ok
10:12:47.0164 2068 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:12:47.0180 2068 pci - ok
10:12:47.0289 2068 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:12:47.0305 2068 pciide - ok
10:12:47.0336 2068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:12:47.0367 2068 pcmcia - ok
10:12:47.0445 2068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:12:47.0664 2068 PEAUTH - ok
10:12:47.0788 2068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:12:47.0866 2068 PptpMiniport - ok
10:12:47.0976 2068 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:12:48.0022 2068 Processor - ok
10:12:48.0147 2068 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:12:48.0210 2068 PSched - ok
10:12:48.0334 2068 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
10:12:48.0350 2068 PxHelp20 - ok
10:12:48.0428 2068 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:12:48.0522 2068 ql2300 - ok
10:12:48.0646 2068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:12:48.0678 2068 ql40xx - ok
10:12:48.0709 2068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:12:48.0771 2068 QWAVEdrv - ok
10:12:48.0865 2068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:12:48.0927 2068 RasAcd - ok
10:12:48.0974 2068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:12:49.0052 2068 Rasl2tp - ok
10:12:49.0177 2068 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:12:49.0239 2068 RasPppoe - ok
10:12:49.0270 2068 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:12:49.0302 2068 RasSstp - ok
10:12:49.0458 2068 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:12:49.0504 2068 rdbss - ok
10:12:49.0551 2068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:12:49.0614 2068 RDPCDD - ok
10:12:49.0738 2068 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:12:49.0770 2068 rdpdr - ok
10:12:49.0816 2068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:12:49.0863 2068 RDPENCDD - ok
10:12:49.0988 2068 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:12:50.0050 2068 RDPWD - ok
10:12:50.0113 2068 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
10:12:50.0144 2068 regi - ok
10:12:50.0269 2068 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:12:50.0316 2068 RFCOMM - ok
10:12:50.0378 2068 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:12:50.0425 2068 rimsptsk - ok
10:12:50.0534 2068 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
10:12:50.0565 2068 risdptsk - ok
10:12:50.0721 2068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:12:50.0768 2068 rspndr - ok
10:12:50.0924 2068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:12:50.0940 2068 sbp2port - ok
10:12:50.0986 2068 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
10:12:51.0064 2068 sdbus - ok
10:12:51.0189 2068 sdcfilter (30bde6ba44a5afeb63f78eda06c64866) C:\Windows\system32\DRIVERS\sdcfilter.sys
10:12:51.0205 2068 sdcfilter - ok
10:12:51.0345 2068 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
10:12:51.0361 2068 SDHookDriver - ok
10:12:51.0532 2068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:12:51.0657 2068 secdrv - ok
10:12:51.0766 2068 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:12:51.0891 2068 Serenum - ok
10:12:51.0922 2068 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:12:52.0047 2068 Serial - ok
10:12:52.0188 2068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:12:52.0266 2068 sermouse - ok
10:12:52.0328 2068 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
10:12:52.0375 2068 SFEP - ok
10:12:52.0468 2068 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:12:52.0515 2068 sffdisk - ok
10:12:52.0578 2068 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:12:52.0640 2068 sffp_mmc - ok
10:12:52.0718 2068 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:12:52.0812 2068 sffp_sd - ok
10:12:52.0905 2068 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
10:12:52.0936 2068 sfloppy - ok
10:12:53.0030 2068 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:12:53.0030 2068 sisagp - ok
10:12:53.0124 2068 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:12:53.0139 2068 SiSRaid2 - ok
10:12:53.0217 2068 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:12:53.0248 2068 SiSRaid4 - ok
10:12:53.0342 2068 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:12:53.0404 2068 Smb - ok
10:12:53.0514 2068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:12:53.0545 2068 spldr - ok
10:12:53.0670 2068 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:12:53.0732 2068 srv - ok
10:12:53.0794 2068 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:12:53.0872 2068 srv2 - ok
10:12:53.0950 2068 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:12:53.0982 2068 srvnet - ok
10:12:54.0075 2068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:12:54.0091 2068 swenum - ok
10:12:54.0169 2068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:12:54.0184 2068 Symc8xx - ok
10:12:54.0262 2068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:12:54.0294 2068 Sym_hi - ok
10:12:54.0356 2068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:12:54.0372 2068 Sym_u3 - ok
10:12:54.0418 2068 SynTP (a04e767ea7c30eabb1bb8b4b57ede4f6) C:\Windows\system32\DRIVERS\SynTP.sys
10:12:54.0450 2068 SynTP - ok
10:12:54.0574 2068 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
10:12:54.0668 2068 Tcpip - ok
10:12:54.0871 2068 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
10:12:54.0933 2068 Tcpip6 - ok
10:12:55.0074 2068 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:12:55.0136 2068 tcpipreg - ok
10:12:55.0276 2068 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
10:12:55.0292 2068 TcUsb - ok
10:12:55.0323 2068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:12:55.0401 2068 TDPIPE - ok
10:12:55.0495 2068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:12:55.0557 2068 TDTCP - ok
10:12:55.0588 2068 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:12:55.0635 2068 tdx - ok
10:12:55.0744 2068 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:12:55.0776 2068 TermDD - ok
10:12:55.0869 2068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:12:55.0916 2068 tssecsrv - ok
10:12:55.0978 2068 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
10:12:55.0994 2068 TuneUpUtilitiesDrv - ok
10:12:56.0119 2068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:12:56.0181 2068 tunmp - ok
10:12:56.0306 2068 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:12:56.0353 2068 tunnel - ok
10:12:56.0400 2068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:12:56.0431 2068 uagp35 - ok
10:12:56.0556 2068 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:12:56.0602 2068 udfs - ok
10:12:56.0696 2068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:12:56.0712 2068 uliagpkx - ok
10:12:56.0805 2068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:12:56.0836 2068 uliahci - ok
10:12:56.0899 2068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:12:56.0930 2068 UlSata - ok
10:12:57.0024 2068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:12:57.0055 2068 ulsata2 - ok
10:12:57.0102 2068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:12:57.0164 2068 umbus - ok
10:12:57.0226 2068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:12:57.0273 2068 USBAAPL - ok
10:12:57.0382 2068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:12:57.0445 2068 usbccgp - ok
10:12:57.0601 2068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:12:57.0726 2068 usbcir - ok
10:12:57.0882 2068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:12:57.0944 2068 usbehci - ok
10:12:58.0053 2068 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:12:58.0131 2068 usbhub - ok
10:12:58.0272 2068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:12:58.0396 2068 usbohci - ok
10:12:58.0521 2068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:12:58.0568 2068 usbprint - ok
10:12:58.0599 2068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:12:58.0630 2068 usbscan - ok
10:12:58.0740 2068 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:12:58.0786 2068 USBSTOR - ok
10:12:58.0833 2068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:12:58.0880 2068 usbuhci - ok
10:12:59.0020 2068 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:12:59.0098 2068 usbvideo - ok
10:12:59.0254 2068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:12:59.0332 2068 vga - ok
10:12:59.0364 2068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:12:59.0410 2068 VgaSave - ok
10:12:59.0520 2068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:12:59.0535 2068 viaagp - ok
10:12:59.0551 2068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:12:59.0598 2068 ViaC7 - ok
10:12:59.0707 2068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:12:59.0722 2068 viaide - ok
10:12:59.0863 2068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:12:59.0878 2068 volmgr - ok
10:12:59.0941 2068 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:12:59.0972 2068 volmgrx - ok
10:13:00.0097 2068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:13:00.0144 2068 volsnap - ok
10:13:00.0222 2068 vpnva (0d8df4058901616a4e716ab67d472581) C:\Windows\system32\DRIVERS\vpnva.sys
10:13:00.0237 2068 vpnva - ok
10:13:00.0362 2068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:13:00.0393 2068 vsmraid - ok
10:13:00.0440 2068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:13:00.0565 2068 WacomPen - ok
10:13:00.0705 2068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:00.0768 2068 Wanarp - ok
10:13:00.0768 2068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:00.0814 2068 Wanarpv6 - ok
10:13:00.0955 2068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:13:00.0970 2068 Wd - ok
10:13:01.0033 2068 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:13:01.0080 2068 Wdf01000 - ok
10:13:01.0251 2068 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:13:01.0282 2068 WimFltr - ok
10:13:01.0438 2068 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:13:01.0516 2068 winachsf - ok
10:13:01.0672 2068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
10:13:01.0735 2068 WmiAcpi - ok
10:13:01.0860 2068 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:13:01.0906 2068 WpdUsb - ok
10:13:02.0047 2068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:13:02.0125 2068 ws2ifsl - ok
10:13:02.0281 2068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:13:02.0343 2068 WUDFRd - ok
10:13:02.0421 2068 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
10:13:02.0468 2068 XAudio - ok
10:13:02.0562 2068 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
10:13:02.0624 2068 yukonwlh - ok
10:13:02.0686 2068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:13:03.0763 2068 \Device\Harddisk0\DR0 - ok
10:13:03.0794 2068 Boot (0x1200) (4c44dc2b38ef2b91d41d3213cae7f39c) \Device\Harddisk0\DR0\Partition0
10:13:03.0794 2068 \Device\Harddisk0\DR0\Partition0 - ok
10:13:03.0794 2068 ============================================================
10:13:03.0794 2068 Scan finished
10:13:03.0794 2068 ============================================================
10:13:03.0810 5428 Detected object count: 0
10:13:03.0810 5428 Actual detected object count: 0

Ok, führ nochmal Combofix aus, lösch die alte combofix.exe vorher:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

combfiw log datei:
Combofix Logfile:

Code:

ComboFix 11-10-30.01 - s.chaitidou 30.10.2011  12:01:03.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1819 [GMT 1:00]

ausgeführt von:: c:\users\s.chaitidou\Desktop\ComboFix.exe

SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-28 bis 2011-10-30  ))))))))))))))))))))))))))))))

.

.

2011-10-30 11:10 . 2011-10-30 11:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-10-29 08:24 . 2011-10-29 08:24        --------        d-----w-        C:\savw_97_sa

2011-10-28 12:55 . 2011-10-30 10:11        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{406D9907-C51E-40C7-9F60-1422731511EB}\offreg.dll

2011-10-28 10:16 . 2011-10-28 13:48        --------        d-----w-        C:\_OTL

2011-10-28 05:56 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{406D9907-C51E-40C7-9F60-1422731511EB}\mpengine.dll

2011-10-27 13:01 . 2011-10-27 13:01        --------        d-----w-        c:\program files\ESET

2011-10-27 07:11 . 2011-10-27 07:11        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\Malwarebytes

2011-10-27 07:11 . 2011-10-27 07:11        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-27 07:11 . 2011-10-27 07:11        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-10-27 07:11 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-26 13:10 . 2011-10-26 13:10        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\Priotecs

2011-10-26 12:21 . 2011-10-26 12:21        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\PeerNetworking

2011-10-26 11:19 . 2011-10-30 11:10        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\temp

2011-10-26 10:45 . 2009-04-11 04:45        185856        ----a-w-        c:\windows\system32\drivers\netbt.sys

2011-10-26 10:03 . 2011-10-26 10:03        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2011-10-26 09:37 . 2011-10-26 09:37        --------        d-----w-        c:\program files\SmartTweak Software

2011-10-26 09:12 . 2011-10-26 09:59        --------        d-----w-        c:\program files\FixMyRegistry

2011-10-26 09:11 . 2011-10-26 09:11        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\PackageAware

2011-10-26 07:02 . 2011-08-13 04:43        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

2011-10-25 13:00 . 2011-10-25 13:00        --------        d-----w-        c:\program files\Guitar Pro 5

2011-10-22 12:07 . 2011-10-22 12:36        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\memocard

2011-10-22 12:06 . 2011-10-22 12:42        --------        d-----w-        c:\program files\MemoCard

2011-10-22 12:06 . 2011-10-22 12:42        --------        d-----w-        c:\windows\uninstall

2011-10-22 10:44 . 2011-10-22 10:48        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\.anki

2011-10-20 22:36 . 2011-10-20 22:36        --------        d-----w-        c:\users\s.chaitidou\AppData\Roaming\vlc

2011-10-13 19:18 . 2011-10-30 10:58        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2

2011-10-13 18:58 . 2011-08-25 16:15        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll

2011-10-13 18:58 . 2011-08-25 16:14        238080        ----a-w-        c:\windows\system32\oleacc.dll

2011-10-13 18:58 . 2011-08-25 16:14        563712        ----a-w-        c:\windows\system32\oleaut32.dll

2011-10-13 18:58 . 2011-08-25 13:31        4096        ----a-w-        c:\windows\system32\oleaccrc.dll

2011-10-12 13:19 . 2011-10-12 13:19        --------        d-----w-        c:\program files\iPod

2011-10-12 13:19 . 2011-10-12 13:21        --------        d-----w-        c:\program files\iTunes

2011-10-12 13:11 . 2011-10-26 11:06        --------        d-----w-        c:\program files\Bonjour

2011-10-12 09:05 . 2011-10-12 09:05        --------        d-----w-        c:\program files\proSoft24

2011-10-12 09:05 . 2011-10-12 09:48        --------        d-----w-        c:\programdata\ProSoft24

2011-10-12 09:04 . 2011-10-12 09:49        --------        d-----w-        c:\users\s.chaitidou\AppData\Local\Conduit

2011-09-30 15:49 . 2011-09-16 14:44        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-09-30 15:49 . 2011-09-16 14:44        29504        ----a-w-        c:\windows\system32\uxtuneup.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-26 09:03 . 2011-06-03 11:39        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 14:52 . 2011-05-19 16:55        31552        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-09-12 05:14 . 2011-09-12 05:14        24312        ----a-w-        c:\windows\system32\drivers\sdcfilter.sys

2011-09-12 05:14 . 2011-09-12 05:14        131824        ----a-w-        c:\windows\system32\sdccoinstaller.dll

2011-09-09 16:10 . 2011-09-09 16:10        10704        ----a-w-        c:\windows\system32\vpncategories.dll

2011-09-09 16:10 . 2011-09-09 16:10        33232        ----a-w-        c:\windows\system32\vpnevents.dll

2011-09-09 16:00 . 2011-09-09 16:00        23464        ----a-w-        c:\windows\system32\drivers\vpnva.sys

2011-09-09 15:59 . 2011-09-09 15:59        57000        ----a-r-        c:\windows\system32\drivers\acsmux.sys

2011-09-09 15:59 . 2011-09-09 15:59        38440        ----a-r-        c:\windows\system32\drivers\acsint.sys

2011-08-30 21:05 . 2011-08-30 21:05        83816        ----a-w-        c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05        73064        ----a-w-        c:\windows\system32\dnssd.dll

2011-09-30 06:50 . 2011-07-01 16:08        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1295656]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"Skytel"="Skytel.exe" [2008-06-23 1826816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-07 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-07 92704]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-15 16:04        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0sdnclean.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"

"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-09-12 24312]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]

R4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [x]

R4 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]

R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]

R4 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]

R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]

R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-16 1526080]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]

S3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-09-09 38440]

S3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-09-09 57000]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-05 29736]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]

S4 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-28 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

.

2011-10-30 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

.

2011-10-26 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-30 12:10

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(7612)

c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Zeit der Fertigstellung: 2011-10-30  12:14:54

ComboFix-quarantined-files.txt  2011-10-30 11:14

ComboFix2.txt  2011-10-26 11:19

.

Vor Suchlauf: 19 Verzeichnis(se), 147.243.175.936 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 147.203.850.240 Bytes frei

.

- - End Of File - - 6F54A651A561924F6344CB4A2F3F9B16

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER log
GMER Logfile:

Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-31 11:05:58

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01

Running: pgn8r2o2.exe; Driver: C:\Users\SE4A0~1.CHA\AppData\Local\Temp\fwlorfoc.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8EC01340, 0x3E2047, 0xE8000020]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73CE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73D3A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73CEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73CDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73CE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73CDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73D18395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73CEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73CDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73CDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73CD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [73D6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73D0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73CDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73CD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73CD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73CE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d02856f                          

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f499fe7                          

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f4edbf2                          

Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d02856f (not active ControlSet)      

Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f499fe7 (not active ControlSet)      

Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f4edbf2 (not active ControlSet)      
 

---- EOF - GMER 1.0.15 ----

--- --- ---

osam log
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 11:23:20 on 31.10.2011
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 7.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Sophos Limited" - C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll

"AppInit_DLLs" - "Sophos Limited" - C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - ? - sdnclean.exe  (File not found)
 

[Common]

-----( %SystemRoot%\Tasks )-----

"ParetoLogic Registration.job" - ? - C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll

"ParetoLogic Update Version2.job" - ? - C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL

"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acsint" (acsint) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsint.sys

"acsmux" (acsmux) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsmux.sys

"catchme" (catchme) - ? - C:\Users\SE4A0~1.CHA\AppData\Local\Temp\catchme.sys  (File not found)

"fwlorfoc" (fwlorfoc) - ? - C:\Users\SE4A0~1.CHA\AppData\Local\Temp\fwlorfoc.sys  (Hidden registry entry, rootkit activity | File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)

"regi" (regi) - "InterVideo" - C:\Windows\system32\drivers\regi.sys

"sdcfilter" (sdcfilter) - "Sophos Plc" - C:\Windows\System32\DRIVERS\sdcfilter.sys

"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} "Veoh Web Player Video Finder" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"                                                                                                                                                                                                                      

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"                                                                                                                                                                                                                

"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"Sophos Web Intelligence LSP" - "Sophos Limited" - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Und was ist mit aswMBR?

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-31 11:26:24
-----------------------------
11:26:24.705 OS Version: Windows 6.0.6002 Service Pack 2
11:26:24.705 Number of processors: 2 586 0x1706
11:26:24.720 ComputerName: SOUCHAITIDOU UserName: s.chaitidou
11:26:26.717 Initialize success
11:29:58.073 AVAST engine defs: 11103100
11:30:22.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:30:22.627 Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
11:30:22.627 Disk 1 \Device\Harddisk1\DR1 -> \Device\000000ac
11:30:22.643 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
11:30:22.643 Disk 2 \Device\Harddisk2\DR2 -> \Device\000000ad
11:30:22.643 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
11:30:22.970 Disk 0 MBR read successfully
11:30:22.970 Disk 0 MBR scan
11:30:22.970 Disk 0 Windows VISTA default MBR code
11:30:23.079 Disk 0 scanning sectors +625141760
11:30:23.891 Disk 0 scanning C:\Windows\system32\drivers
11:31:55.712 Service scanning
11:31:57.085 Modules scanning
11:33:42.338 Disk 0 trace - called modules:
11:33:42.447 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys PxHelp20.sys
11:33:42.463 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86976ac8]
11:33:42.479 3 CLASSPNP.SYS[8abaa8b3] -> nt!IofCallDriver -> [0x85ec9408]
11:33:42.479 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84f95028]
11:33:43.945 AVAST engine scan C:\Windows
11:35:50.995 AVAST engine scan C:\Windows\system32
11:42:07.517 AVAST engine scan C:\Windows\system32\drivers
11:42:22.041 AVAST engine scan C:\Users\s.chaitidou
12:36:01.218 AVAST engine scan C:\ProgramData
12:44:35.301 Scan finished successfully
12:51:10.750 Disk 0 MBR has been saved successfully to "C:\Users\s.chaitidou\Desktop\MBR.dat"
12:51:10.766 The log file has been saved successfully to "C:\Users\s.chaitidou\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8046

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

31.10.2011 16:08:15
mbam-log-2011-10-31 (16-08-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 353628
Laufzeit: 2 Stunde(n), 12 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/31/2011 at 07:03 PM

Application Version : 5.0.1134

Core Rules Database Version : 7868
Trace Rules Database Version: 5680

Scan type : Complete Scan
Total Scan Time : 02:41:39

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 38684
Registry threats detected : 0
File items scanned : 178008
File threats detected : 91

Adware.Tracking Cookie
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@find.in[1].txt [ Cookie:s.chaitidou@find.in.gr/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@im.banner.t-online[1].txt [ Cookie:s.chaitidou@im.banner.t-online.de/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@www.google[2].txt [ Cookie:s.chaitidou@www.google.com/accounts ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\21VT1GE4.txt [ Cookie:s.chaitidou@accounts.google.com/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@adfarm1.adition[2].txt [ Cookie:s.chaitidou@adfarm1.adition.com/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q95JW9XO.txt [ Cookie:s.chaitidou@www.google.de/accounts ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@ad3.adfarm1.adition[2].txt [ Cookie:s.chaitidou@ad3.adfarm1.adition.com/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@tradedoubler[7].txt [ Cookie:s.chaitidou@tradedoubler.com/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\MB2OIJ16.txt [ Cookie:s.chaitidou@www.google.com/accounts ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\s.chaitidou@media6degrees[2].txt [ Cookie:s.chaitidou@media6degrees.com/ ]
C:\USERS\S.CHAITIDOU\AppData\Roaming\Microsoft\Windows\Cookies\Low\XX6MM764.txt [ Cookie:s.chaitidou@google.com/accounts/ ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD.DYNTRACKER[2].TXT [ /AD.DYNTRACKER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD.ADNET[2].TXT [ /AD.ADNET ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD.ZANOX[2].TXT [ /AD.ZANOX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD1.ADFARM1.ADITION[2].TXT [ /AD1.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD1.ADFARM1.ADITION[4].TXT [ /AD1.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD2.ADFARM1.ADITION[3].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADFARM1.ADITION[3].TXT [ /ADFARM1.ADITION ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADS.MED2CLICK[2].TXT [ /ADS.MED2CLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADS.BOERSE[2].TXT [ /ADS.BOERSE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADSERVER.DOCCHECK[1].TXT [ /ADSERVER.DOCCHECK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADSERVER.DOCCHECK[2].TXT [ /ADSERVER.DOCCHECK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADSERVER.DOCCHECK[3].TXT [ /ADSERVER.DOCCHECK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADSERVER.DOCCHECK[5].TXT [ /ADSERVER.DOCCHECK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADTECH[3].TXT [ /ADTECH ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADTECH[4].TXT [ /ADTECH ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ADTECH[5].TXT [ /ADTECH ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@APMEBF[1].TXT [ /APMEBF ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@EAS.APM.EMEDIATE[1].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@EAS.APM.EMEDIATE[3].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@EAS.APM.EMEDIATE[4].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@FASTCLICK[3].TXT [ /FASTCLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@HBXTRACKING.SUEDDEUTSCHE[2].TXT [ /HBXTRACKING.SUEDDEUTSCHE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@IM.BANNER.T-ONLINE[3].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@KOMTRACK[1].TXT [ /KOMTRACK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@KOMTRACK[2].TXT [ /KOMTRACK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@MED2CLICK[1].TXT [ /MED2CLICK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@MEDIAPLEX[3].TXT [ /MEDIAPLEX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@NEXTAG[1].TXT [ /NEXTAG ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@NEXTAG[2].TXT [ /NEXTAG ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@SERVING-SYS[1].TXT [ /SERVING-SYS ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRADEDOUBLER[4].TXT [ /TRADEDOUBLER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRADEDOUBLER[5].TXT [ /TRADEDOUBLER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@TRAFFICTRACK[3].TXT [ /TRAFFICTRACK ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WW251.SMARTADSERVER[2].TXT [ /WW251.SMARTADSERVER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ZANOX[2].TXT [ /ZANOX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ZANOX[1].TXT [ /ZANOX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ZANOX[3].TXT [ /ZANOX ]
C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S.CHAITIDOU@ZANOX[4].TXT [ /ZANOX ]
accounts.youtube.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.sonyeurope.112.2o7.net [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.sonygs.112.2o7.net [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\COOKIES.SQLITE ]

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7af2ea47af861742ba1d0ffc3aa5898d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 04:09:49
# local_time=2011-10-27 06:09:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 1663 157253446 0 0
# compatibility_mode=8192 67108863 100 0 213 213 0 0
# compatibility_mode=8449 16774142 33 2 1672 19622087 0 0
# scanned=298734
# found=13
# cleaned=0
# scan_time=11071
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sony\VAIO Event Service\VESMgr.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\AutoUpdate\ALsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\nvvsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\xaudio.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\s.chaitidou\Downloads\SoftonicDownloader_fuer_daxa-chart.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7af2ea47af861742ba1d0ffc3aa5898d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-31 08:30:59
# local_time=2011-10-31 09:30:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 37103 157617735 0 0
# compatibility_mode=8192 67108863 100 0 364502 364502 0 0
# compatibility_mode=8449 16774142 33 2 119120 19986376 0 0
# scanned=198780
# found=18
# cleaned=0
# scan_time=8051
C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sony\VAIO Event Service\VESMgr.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\AutoUpdate\ALsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\nvvsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir_ a variant of Win32/Rootkit.Kryptik.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\xaudio.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9C9WLXQ\index[1].htm JS/Kryptik.CZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys a variant of Win32/Rootkit.Kryptik.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10282011_121721\C_Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10282011_121721\C_Users\s.chaitidou\Downloads\SoftonicDownloader_fuer_daxa-chart.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Code:

:Files

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

:Commands

[emptytemp]

[resethosts]

All processes killed
========== FILES ==========
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9C9WLXQ folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAW3ECAA folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO1EUG7U folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0RYP44K folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: s.chaitidou
->Temp folder emptied: 60212089 bytes
->Temporary Internet Files folder emptied: 52850340 bytes
->Java cache emptied: 97989 bytes
->FireFox cache emptied: 101089496 bytes
->Apple Safari cache emptied: 2297856 bytes
->Flash cache emptied: 58287 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50699 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 207,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11012011_081753

Files\Folders moved on Reboot...
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.

Registry entries deleted on Reboot...

Ok. Ansonsten nur Cookies. Die Überreste haben wir eben mit OTL unschädlich gemacht.
Rechner soweit wieder im Lot?

Nach soviel Medizin kein Wunder :-)

Beim wiederinstallieren vom Sophos gibt es probleme. von der alten installation ist noch eine Datei übrig unter c: Programme/sophos/sophos antivirus/ savservice.exe die sich nicht beseitigen lässt und das ist notwendig um die software wieder zu instellieren. Die kann ich auch manuell nicht löschen. Hast du da eine Idee? Ich dacht es könnte was mit der QUarantäne zu tun haben.

Code:

:Files

c:\Programme\sophos\sophos antivirus

:Commands

[emptytemp]

[resethosts]

All processes killed
========== FILES ==========
c:\Programme\sophos\Sophos Anti-Virus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: s.chaitidou
->Temp folder emptied: 6807434 bytes
->Temporary Internet Files folder emptied: 14511810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61469508 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1031 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54009 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_103305

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Sophos müsste nun weg sein.
Bitte mal prüfen ob die Installation nun geht.

JA Super! Hat jetzt geklappt. Was noch anders ist am Rechner ist eine allgemein veränderte Schrifft, (also keine Windows Tahoma mehr) was mich aber wenig stört, und Probleme von Itunes die sich auch nach Reparatur nicht beheben lassen. Da müsste ich entl de- und neuinstallation versuchen. Was merkwürdig erscheint ist dass der Rechner ständigt beschäftig erscheint, die Festplatte arbeitet ununterbrochen und ich kann nicht verstehen welcher Prozess dafür verantwortlich ist. Hast du da eine Idee? Kann ich eigentliche die Programme die wir verwendet haben alle löschen? Welches würdest du empfehlen als Antimalwäre evtl zu behalten damit mit in Zukunft besser geschützt ist?

Das sind Probleme die man evtl. in einem anderen Strang lösen muss. Aber warte erst ab, mach mal erst alle Updates:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Ok, das werde ich alles erledigen. Vielen Dank für deine Mühe und Zeit, war einiges ein Aufwand was du erbracht hast. Eine Spende von mir für euer Trojaner-Board habt ihr auf jeden Fall verdient! Viel Erfolg noch für die Zukunft!
Gruß