Trojaner-Board - "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" (https://www.trojaner-board.de/107910-sicherheitsgruenden-wurde-windowssystem-blockiert.html)

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"

Hallo miteinander,

leider bin ich - wie, wahrscheinlich viele hier - ziemlich unerfahren was Viren angeht.

Ich habe vor ca. einer Woche das erste Mal die Meldung bekommen "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" und weiter unten ist ein Button auf dem steht: Bezahlen und runterladen.

Das Bild erscheint ca. 20 min nachdem ich meinen Computer hochfahre und eine Verbindung mit dem Internet herstelle.

Dieses Otl habe ich zwar runtergeladen, aber weiß nicht so recht, was ich da jetzt genau hier rein kopieren muss.
Bitte um Rat und Hilfe.

Danke schon mal im voraus.

Lg Sony

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

 Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.11.06
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Vivian :: VIVIAN-VAIO [Administrator]
 

11.01.2012 21:12:59

mbam-log-2012-01-11 (21-12-59).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 188959

Laufzeit: 2 Minute(n), 43 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Vivian\AppData\Local\Temp\ICReinstall\MovConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

 Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.11.06
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Vivian :: VIVIAN-VAIO [Administrator]
 

11.01.2012 21:58:25

mbam-log-2012-01-11 (21-58-25).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 188921

Laufzeit: 3 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

 Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.11.06
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Vivian :: VIVIAN-VAIO [Administrator]
 

12.01.2012 16:17:06

mbam-log-2012-01-12 (16-17-06).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 188953

Laufzeit: 4 Minute(n), 33 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=977200808b070e4baf9da4b3b0dc2158

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-11 11:29:55

# local_time=2012-01-12 12:29:55 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=5121 16776573 100 82 178896 78685980 0 0

# compatibility_mode=5893 16776574 66 85 59379858 77949882 0 0

# compatibility_mode=8192 67108863 100 0 5276 5276 0 0

# scanned=196394

# found=9

# cleaned=0

# scan_time=4562

C:\Users\Vivian\AppData\Local\Temp\jar_cache5831071218264847875.tmp        Java/Exploit.CVE-2011-3544.U trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\Local\Temp\jar_cache6749330812500825252.tmp        Java/Exploit.CVE-2010-0840.AG trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\Local\Temp\is1972027439\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-48953afe        a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-160890db        Java/Exploit.CVE-2010-4452.A trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\23669837-662ae6be        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\66be8c7c-58540273        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-45d85659        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-72060844        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:

Can not read file from internet.# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=977200808b070e4baf9da4b3b0dc2158

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-12 06:20:28

# local_time=2012-01-12 07:20:28 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=5121 16776573 100 82 246615 78753699 0 0

# compatibility_mode=5893 16776574 66 85 59447577 78017601 0 0

# compatibility_mode=8192 67108863 100 0 72995 72995 0 0

# scanned=197083

# found=9

# cleaned=0

# scan_time=4678

C:\Users\Vivian\AppData\Local\Temp\jar_cache5831071218264847875.tmp        Java/Exploit.CVE-2011-3544.U trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\Local\Temp\jar_cache6749330812500825252.tmp        Java/Exploit.CVE-2010-0840.AG trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\Local\Temp\is1972027439\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-48953afe        a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-160890db        Java/Exploit.CVE-2010-4452.A trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\23669837-662ae6be        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\66be8c7c-58540273        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-45d85659        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-72060844        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

Danke für die schnelle Antwort!!

Mein Laptop wurde allerdings am Sonntag, auf den Stand von Dezember, zurückgesetzt. Seitdem habe ich die Meldung zwar nicht mehr bekommen, aber der Trojaner müsste trotzdem noch da sein oder?
Beim ersten Scan von Malware wurde ja auch etwas gefunden, könnte das der Trojaner sein?
Der Laptop arbeitet auch von Tag zu Tag langsamer..

LG Sony

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

Ups, hatte ich falsch verstanden, sorry!
Hier der Vollscan:

Code:

 Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.13.02
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Vivian :: VIVIAN-VAIO [Administrator]
 

13.01.2012 09:19:58

mbam-log-2012-01-13 (09-19-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 370551

Laufzeit: 1 Stunde(n), 5 Minute(n), 23 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 14.01.2012 02:48:05 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vivian\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,86 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 61,08% Memory free

7,71 Gb Paging File | 5,77 Gb Available in Paging File | 74,85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455,14 Gb Total Space | 380,43 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive H: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive J: | 7,45 Gb Total Space | 1,11 Gb Free Space | 14,93% Space Free | Partition Type: FAT32

 

Computer Name: VIVIAN-VAIO | User Name: Vivian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.14 02:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vivian\Downloads\OTL.exe

PRC - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe

PRC - [2011.01.29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe

PRC - [2010.06.10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

PRC - [2010.06.10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe

PRC - [2010.03.24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe

PRC - [2010.02.23 09:15:43 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe

PRC - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

PRC - [2010.01.08 15:59:24 | 000,540,672 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\Mobile Partner.exe

PRC - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.12.01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

PRC - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009.11.21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2009.10.27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

PRC - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

PRC - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

PRC - [2009.10.15 16:34:34 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

PRC - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

PRC - [2009.10.15 14:17:10 | 000,072,192 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Media Gallery\ElbServer.exe

PRC - [2009.10.02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2009.09.04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe

PRC - [2009.07.08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

PRC - [2009.07.07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.12 03:26:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll

MOD - [2011.10.15 15:17:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll

MOD - [2011.10.15 15:16:56 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011.10.15 15:16:47 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011.10.15 15:16:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll

MOD - [2011.10.15 15:16:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011.10.15 15:16:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011.10.15 15:16:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011.10.15 15:16:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2010.11.17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010.03.04 11:27:44 | 000,139,264 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\LocaleMgrPlugin.dll

MOD - [2010.03.04 11:27:08 | 000,163,840 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\SMSPlugin.dll

MOD - [2010.03.04 11:26:24 | 000,032,768 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NotifyServicePlugin.dll

MOD - [2010.03.04 11:24:40 | 000,057,344 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\ConfigFilePlugin.dll

MOD - [2010.03.04 11:23:36 | 000,114,688 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceMgrPlugin.dll

MOD - [2010.03.04 11:21:30 | 000,147,456 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NetInfoPlugin.dll

MOD - [2010.03.04 11:19:18 | 000,090,112 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DialUpPlugin.dll

MOD - [2010.03.04 11:18:20 | 000,245,760 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceMgrUIPlugin.dll

MOD - [2010.03.04 11:00:52 | 000,991,232 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NDISAPI.dll

MOD - [2010.02.23 17:48:42 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.01.15 14:53:34 | 000,598,016 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\atcomm.dll

MOD - [2010.01.15 14:53:34 | 000,167,936 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DetectDev.dll

MOD - [2010.01.15 14:53:34 | 000,090,112 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\FileManager.dll

MOD - [2010.01.15 14:53:34 | 000,061,440 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\XCodec.dll

MOD - [2010.01.15 14:53:34 | 000,061,440 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceOperate.dll

MOD - [2010.01.15 14:53:34 | 000,014,848 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\isaputrace.dll

MOD - [2010.01.08 15:59:24 | 000,540,672 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\Mobile Partner.exe

MOD - [2009.06.09 19:52:36 | 000,495,616 | ---- | M] () -- C:\Programme\Sony\VAIO Personalization Manager\sqlite3.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011.01.29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV:64bit: - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2010.01.27 21:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2009.11.25 19:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV:64bit: - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV - [2011.08.10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010.06.10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.02.24 12:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010.02.17 15:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2010.02.17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)

SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2009.10.27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)

SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)

SRV - [2009.10.02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2009.07.08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)

SRV - [2009.07.07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010.07.15 14:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2010.02.17 15:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010.02.17 15:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010.02.17 15:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2010.02.17 15:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2010.01.27 21:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.12.16 05:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2009.12.07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)

DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)

DRV:64bit: - [2009.10.09 03:47:00 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)

DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp"

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="

FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2536373&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {e36df325-3f4b-476f-8f89-123bc5d51a30}:3.4.1.0

FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Vivian\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.01.09 22:44:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Users\Vivian\Mozilla Firefox\components [2012.01.09 22:32:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Users\Vivian\Mozilla Firefox\plugins [2012.01.09 22:32:25 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Users\Vivian\Mozilla Firefox\components [2012.01.09 22:32:25 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Users\Vivian\Mozilla Firefox\plugins [2012.01.09 22:32:25 | 000,000,000 | ---D | M]

 

[2010.07.21 22:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Extensions

[2012.01.14 00:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions

[2010.08.21 12:37:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.23 09:48:03 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}

[2011.05.18 15:31:32 | 000,000,919 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml

[2012.01.09 22:44:52 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2010.07.21 21:20:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}

[2010.08.13 21:38:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide File not found

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)

O4 - HKCU..\Run: [ICQ] C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2010.03.11 01:26:10 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun

O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun

O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = I:\AutoRun.exe

O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.11 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.01.11 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Malwarebytes

[2012.01.11 21:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.11 21:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.11 21:01:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.11 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Vivian\NeuerOrdner

[2012.01.09 22:20:45 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011.12.27 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{E44FF127-FF31-4BD7-8479-F49D8016ABD8}

[2011.12.27 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{90BA516A-AFCB-4B68-93D1-3D22B73BC140}

[2011.12.27 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5256D5D7-DD21-4227-BA78-5E4154F06A80}

[2011.12.27 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{C2196297-FB56-4AE6-B9CB-AD590C703EA7}

[2011.12.27 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{AED2575D-5889-4CCD-BD99-64763FB89A38}

[2011.12.27 14:24:54 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{666B9409-8FC0-49F9-902E-60DA42240239}

[2011.12.24 15:50:17 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{4A9D194F-221D-4655-9F52-4A83EE5A2517}

[2011.12.24 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{3AD3B5F4-4BC2-44F8-AEAE-81E720EACC7A}

[2011.12.24 00:53:04 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{F7890E45-80C8-43CD-A657-446A3E2F1778}

[2011.12.24 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{DEB0A233-37DD-4C96-A14B-5EFF509E705A}

[2011.12.24 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5EDBA4D8-C8F3-4826-82A3-41021EB76493}

[2011.12.24 00:39:47 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{3E9BFDD6-91F7-40DB-BB05-A5A7E3338FE0}

[2011.12.24 00:39:30 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5053AF3F-5B39-47DA-99F9-0002C9487BDD}

[2011.12.23 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{78240971-4C5C-45BA-BAFE-AA17B759EFBE}

[2011.12.23 17:37:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{288FD5DE-4C52-4124-806E-D2C9502A8A0D}

[2011.12.17 16:10:11 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5E085598-2983-4E65-93DF-2CE5AE4FC5E6}

[2011.12.17 16:09:52 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{9F199859-65EC-4180-B28A-01435B8B23C1}

[2011.12.17 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Vivian\wecker

[6 C:\Users\Vivian\*.tmp files -> C:\Users\Vivian\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.14 01:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.14 00:45:36 | 000,024,096 | ---- | M] () -- C:\Windows\SysNative\Config.MPF

[2012.01.13 23:25:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.13 23:25:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.13 23:25:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.13 23:25:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.13 23:25:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.13 19:57:13 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.13 19:57:13 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.13 19:56:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.13 19:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.13 19:45:16 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.11 21:01:51 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.10 12:46:53 | 000,368,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.01.07 08:58:57 | 000,016,896 | ---- | M] () -- C:\Users\Vivian\trojaner forum.wps

[2012.01.07 08:58:57 | 000,001,146 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\wklnhst.dat

[2012.01.06 09:16:43 | 000,000,000 | ---- | M] () -- C:\Users\Vivian\defogger_reenable

[2011.12.24 16:23:11 | 000,049,074 | ---- | M] () -- C:\Users\Vivian\Geschenk.wlmp

[2011.12.23 13:33:58 | 000,016,384 | ---- | M] () -- C:\Users\Vivian\geschenk2.wps

[2011.12.18 13:06:32 | 000,016,384 | ---- | M] () -- C:\Users\Vivian\erinnrung.wps

[6 C:\Users\Vivian\*.tmp files -> C:\Users\Vivian\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.11 21:01:51 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 08:52:21 | 000,016,896 | ---- | C] () -- C:\Users\Vivian\trojaner forum.wps

[2012.01.06 09:16:43 | 000,000,000 | ---- | C] () -- C:\Users\Vivian\defogger_reenable

[2011.12.23 13:33:58 | 000,016,384 | ---- | C] () -- C:\Users\Vivian\geschenk2.wps

[2011.12.18 13:06:32 | 000,016,384 | ---- | C] () -- C:\Users\Vivian\erinnrung.wps

[2011.02.12 19:56:38 | 000,001,146 | ---- | C] () -- C:\Users\Vivian\AppData\Roaming\wklnhst.dat

[2010.08.13 21:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.07.21 23:23:29 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml

[2010.02.23 09:03:32 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat

[2010.01.29 23:21:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.01.29 21:36:40 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010.01.29 21:36:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010.01.29 21:36:40 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010.01.29 21:36:40 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010.01.29 21:36:39 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010.01.29 21:36:34 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat

[2010.01.29 21:36:34 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2011.12.14 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoft

[2011.04.25 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.08.12 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\gtk-2.0

[2011.02.12 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Template

[2011.08.25 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Windows Live Writer

[2011.06.15 00:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2011.05.01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2011.09.03 23:25:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.07.21 20:46:34 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Adobe

[2011.02.26 15:17:52 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Apple Computer

[2010.07.24 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\ArcSoft

[2010.07.21 20:35:15 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\ATI

[2011.12.14 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoft

[2011.04.25 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.07.21 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Google

[2011.08.12 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\gtk-2.0

[2010.07.21 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Identities

[2011.02.17 00:15:40 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\InstallShield

[2010.07.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Intel Corporation

[2010.07.21 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Macromedia

[2012.01.11 21:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Malwarebytes

[2010.01.30 01:45:13 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Media Center Programs

[2012.01.09 22:28:02 | 000,000,000 | --SD | M] -- C:\Users\Vivian\AppData\Roaming\Microsoft

[2010.07.21 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Mozilla

[2011.02.18 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Roxio

[2012.01.09 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Skype

[2011.12.23 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\skypePM

[2010.09.15 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Sony Corporation

[2011.02.12 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Template

[2011.08.25 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Windows Live Writer

 
 < %APPDATA%\*.exe /s >

[2011.06.19 12:40:40 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vivian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Users\Vivian\NeuerOrdner\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Erledigt! :)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.search.yahoo.com/firefox/?fr=ffbr-sfp"

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="

FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2536373&SearchSource=13"

[2010.08.21 12:37:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.23 09:48:03 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}

[2011.05.18 15:31:32 | 000,000,919 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml

[2010.07.21 21:20:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2010.03.11 01:26:10 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun

O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun

O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = I:\AutoRun.exe

O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell - "" = AutoRun

O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.

C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.

C:\Program Files (x86)\ClipGrab\prxtbCli0.dll moved successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.

File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.

Prefs.js: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp" removed from browser.startup.homepage

Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl

Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://search.conduit.com/?ctid=CT2536373&SearchSource=13" removed from browser.startup.homepage

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\searchplugin folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\modules folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\META-INF folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\defaults folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\components folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\chrome folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30} folder moved successfully.

C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\META-INF folder moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\defaults\preferences folder moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\defaults folder moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\components folder moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\chrome folder moved successfully.

C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.

File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.

File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.

File C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.

File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E36DF325-3F4B-476F-8F89-123BC5D51A30} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E36DF325-3F4B-476F-8F89-123BC5D51A30}\ not found.

File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a86308-94fd-11df-901e-506313b20245}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a86308-94fd-11df-901e-506313b20245}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a8630e-94fd-11df-901e-506313b20245}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a8630e-94fd-11df-901e-506313b20245}\ not found.

File I:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.

File I:\AutoRun.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Vivian

->Temp folder emptied: 760245590 bytes

->Temporary Internet Files folder emptied: 273491393 bytes

->Java cache emptied: 12846006 bytes

->FireFox cache emptied: 105061335 bytes

->Flash cache emptied: 3202868 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 267803205 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 495434 bytes

RecycleBin emptied: 21666103 bytes

 

Total Files Cleaned = 1.378,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01152012_165810
 

Files\Folders moved on Reboot...

File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.

C:\Users\Vivian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\mcafee_12dJvGXFII2qSHQ not found!

File\Folder C:\Windows\temp\mcmsc_tpBR0IgRl4ub4hu not found!

File\Folder C:\Windows\temp\sqlite_J9psS2gop3EGW3B not found!

File\Folder C:\Windows\temp\sqlite_LKRVqYojEYgVunQ not found!

File\Folder C:\Windows\temp\sqlite_o13oiaYEC16GkZx not found!
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

 21:43:06.0348 7980        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05

21:43:08.0349 7980        ============================================================

21:43:08.0349 7980        Current date / time: 2012/01/15 21:43:08.0349

21:43:08.0349 7980        SystemInfo:

21:43:08.0349 7980        

21:43:08.0349 7980        OS Version: 6.1.7600 ServicePack: 0.0

21:43:08.0349 7980        Product type: Workstation

21:43:08.0350 7980        ComputerName: VIVIAN-VAIO

21:43:08.0350 7980        UserName: Vivian

21:43:08.0350 7980        Windows directory: C:\Windows

21:43:08.0350 7980        System windows directory: C:\Windows

21:43:08.0350 7980        Running under WOW64

21:43:08.0350 7980        Processor architecture: Intel x64

21:43:08.0350 7980        Number of processors: 4

21:43:08.0350 7980        Page size: 0x1000

21:43:08.0350 7980        Boot type: Normal boot

21:43:08.0350 7980        ============================================================

21:43:08.0875 7980        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040

21:43:08.0933 7980        Initialize success

21:46:14.0172 7808        ============================================================

21:46:14.0172 7808        Scan started

21:46:14.0172 7808        Mode: Manual; SigCheck; TDLFS; 

21:46:14.0172 7808        ============================================================

21:46:14.0832 7808        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys

21:46:14.0969 7808        1394ohci - ok

21:46:15.0077 7808        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys

21:46:15.0111 7808        ACPI - ok

21:46:15.0179 7808        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys

21:46:15.0237 7808        AcpiPmi - ok

21:46:15.0327 7808        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

21:46:15.0371 7808        adp94xx - ok

21:46:15.0434 7808        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

21:46:15.0462 7808        adpahci - ok

21:46:15.0546 7808        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

21:46:15.0581 7808        adpu320 - ok

21:46:15.0670 7808        AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

21:46:15.0728 7808        AFD - ok

21:46:15.0800 7808        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:46:15.0816 7808        agp440 - ok

21:46:15.0910 7808        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:46:15.0939 7808        aliide - ok

21:46:16.0027 7808        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:46:16.0052 7808        amdide - ok

21:46:16.0132 7808        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

21:46:16.0204 7808        AmdK8 - ok

21:46:16.0283 7808        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

21:46:16.0339 7808        AmdPPM - ok

21:46:16.0457 7808        amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

21:46:16.0487 7808        amdsata - ok

21:46:16.0544 7808        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

21:46:16.0564 7808        amdsbs - ok

21:46:16.0603 7808        amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

21:46:16.0617 7808        amdxata - ok

21:46:16.0740 7808        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

21:46:16.0791 7808        AppID - ok

21:46:16.0919 7808        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

21:46:16.0946 7808        arc - ok

21:46:17.0044 7808        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

21:46:17.0069 7808        arcsas - ok

21:46:17.0142 7808        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

21:46:17.0179 7808        ArcSoftKsUFilter - ok

21:46:17.0325 7808        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:46:17.0422 7808        AsyncMac - ok

21:46:17.0516 7808        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:46:17.0534 7808        atapi - ok

21:46:17.0653 7808        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

21:46:17.0747 7808        athr - ok

21:46:17.0985 7808        atikmdag        (f3a362b683b6158cc47d7e8e58b7ddc9) C:\Windows\system32\DRIVERS\atikmdag.sys

21:46:18.0210 7808        atikmdag - ok

21:46:18.0356 7808        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

21:46:18.0421 7808        b06bdrv - ok

21:46:18.0530 7808        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:46:18.0581 7808        b57nd60a - ok

21:46:18.0706 7808        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:46:18.0777 7808        Beep - ok

21:46:18.0863 7808        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

21:46:18.0921 7808        blbdrive - ok

21:46:19.0045 7808        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

21:46:19.0088 7808        bowser - ok

21:46:19.0172 7808        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

21:46:19.0224 7808        BrFiltLo - ok

21:46:19.0285 7808        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

21:46:19.0321 7808        BrFiltUp - ok

21:46:19.0381 7808        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:46:19.0434 7808        Brserid - ok

21:46:19.0498 7808        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:46:19.0564 7808        BrSerWdm - ok

21:46:19.0634 7808        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:46:19.0685 7808        BrUsbMdm - ok

21:46:19.0775 7808        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:46:19.0793 7808        BrUsbSer - ok

21:46:19.0867 7808        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

21:46:19.0927 7808        BthEnum - ok

21:46:20.0005 7808        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

21:46:20.0066 7808        BTHMODEM - ok

21:46:20.0143 7808        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

21:46:20.0196 7808        BthPan - ok

21:46:20.0347 7808        BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys

21:46:20.0413 7808        BTHPORT - ok

21:46:20.0529 7808        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys

21:46:20.0578 7808        BTHUSB - ok

21:46:20.0653 7808        btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys

21:46:20.0665 7808        btusbflt - ok

21:46:20.0741 7808        btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys

21:46:20.0753 7808        btwaudio - ok

21:46:20.0862 7808        btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys

21:46:20.0874 7808        btwavdt - ok

21:46:20.0991 7808        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

21:46:21.0008 7808        btwl2cap - ok

21:46:21.0083 7808        btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

21:46:21.0105 7808        btwrchid - ok

21:46:21.0172 7808        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:46:21.0262 7808        cdfs - ok

21:46:21.0347 7808        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

21:46:21.0403 7808        cdrom - ok

21:46:21.0512 7808        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

21:46:21.0578 7808        circlass - ok

21:46:21.0641 7808        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:46:21.0664 7808        CLFS - ok

21:46:21.0778 7808        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

21:46:21.0810 7808        CmBatt - ok

21:46:21.0837 7808        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:46:21.0851 7808        cmdide - ok

21:46:21.0899 7808        CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

21:46:21.0957 7808        CNG - ok

21:46:22.0102 7808        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

21:46:22.0125 7808        Compbatt - ok

21:46:22.0192 7808        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys

21:46:22.0253 7808        CompositeBus - ok

21:46:22.0386 7808        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

21:46:22.0413 7808        crcdisk - ok

21:46:22.0503 7808        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

21:46:22.0549 7808        DfsC - ok

21:46:22.0622 7808        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:46:22.0708 7808        discache - ok

21:46:22.0813 7808        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

21:46:22.0828 7808        Disk - ok

21:46:22.0904 7808        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:46:22.0962 7808        drmkaud - ok

21:46:23.0044 7808        DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

21:46:23.0080 7808        DXGKrnl - ok

21:46:23.0216 7808        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

21:46:23.0356 7808        ebdrv - ok

21:46:23.0469 7808        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

21:46:23.0508 7808        elxstor - ok

21:46:23.0563 7808        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:46:23.0607 7808        ErrDev - ok

21:46:23.0719 7808        ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys

21:46:23.0771 7808        ewusbnet - ok

21:46:23.0832 7808        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:46:23.0902 7808        exfat - ok

21:46:23.0957 7808        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:46:24.0050 7808        fastfat - ok

21:46:24.0121 7808        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

21:46:24.0173 7808        fdc - ok

21:46:24.0236 7808        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:46:24.0259 7808        FileInfo - ok

21:46:24.0333 7808        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:46:24.0419 7808        Filetrace - ok

21:46:24.0470 7808        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

21:46:24.0546 7808        flpydisk - ok

21:46:24.0655 7808        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

21:46:24.0677 7808        FltMgr - ok

21:46:24.0725 7808        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:46:24.0740 7808        FsDepends - ok

21:46:24.0880 7808        fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

21:46:24.0893 7808        fssfltr - ok

21:46:24.0956 7808        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:46:24.0983 7808        Fs_Rec - ok

21:46:25.0064 7808        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:46:25.0094 7808        fvevol - ok

21:46:25.0150 7808        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

21:46:25.0168 7808        gagp30kx - ok

21:46:25.0285 7808        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:46:25.0306 7808        GEARAspiWDM - ok

21:46:25.0450 7808        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:46:25.0496 7808        hcw85cir - ok

21:46:25.0570 7808        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

21:46:25.0637 7808        HdAudAddService - ok

21:46:25.0701 7808        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys

21:46:25.0748 7808        HDAudBus - ok

21:46:25.0837 7808        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

21:46:25.0848 7808        HECIx64 - ok

21:46:25.0905 7808        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

21:46:25.0940 7808        HidBatt - ok

21:46:26.0037 7808        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

21:46:26.0109 7808        HidBth - ok

21:46:26.0200 7808        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

21:46:26.0260 7808        HidIr - ok

21:46:26.0379 7808        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys

21:46:26.0426 7808        HidUsb - ok

21:46:26.0496 7808        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys

21:46:26.0522 7808        HpSAMD - ok

21:46:26.0604 7808        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

21:46:26.0703 7808        HTTP - ok

21:46:26.0817 7808        hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys

21:46:26.0834 7808        hwdatacard - ok

21:46:26.0895 7808        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

21:46:26.0908 7808        hwpolicy - ok

21:46:27.0056 7808        hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys

21:46:27.0138 7808        hwusbdev - ok

21:46:27.0249 7808        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

21:46:27.0281 7808        i8042prt - ok

21:46:27.0354 7808        iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\drivers\iaStor.sys

21:46:27.0387 7808        iaStor - ok

21:46:27.0480 7808        iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

21:46:27.0521 7808        iaStorV - ok

21:46:27.0745 7808        igfx            (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys

21:46:27.0993 7808        igfx ( UnsignedFile.Multi.Generic ) - warning

21:46:27.0993 7808        igfx - detected UnsignedFile.Multi.Generic (1)

21:46:28.0055 7808        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

21:46:28.0073 7808        iirsp - ok

21:46:28.0187 7808        Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys

21:46:28.0215 7808        Impcd - ok

21:46:28.0331 7808        IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys

21:46:28.0382 7808        IntcAzAudAddService - ok

21:46:28.0443 7808        IntcDAud        (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys

21:46:28.0453 7808        IntcDAud ( UnsignedFile.Multi.Generic ) - warning

21:46:28.0453 7808        IntcDAud - detected UnsignedFile.Multi.Generic (1)

21:46:28.0529 7808        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:46:28.0543 7808        intelide - ok

21:46:28.0610 7808        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

21:46:28.0646 7808        intelppm - ok

21:46:28.0758 7808        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:46:28.0849 7808        IpFilterDriver - ok

21:46:28.0921 7808        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys

21:46:28.0973 7808        IPMIDRV - ok

21:46:29.0040 7808        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:46:29.0128 7808        IPNAT - ok

21:46:29.0253 7808        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:46:29.0290 7808        IRENUM - ok

21:46:29.0366 7808        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:46:29.0380 7808        isapnp - ok

21:46:29.0443 7808        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys

21:46:29.0463 7808        iScsiPrt - ok

21:46:29.0514 7808        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

21:46:29.0528 7808        kbdclass - ok

21:46:29.0584 7808        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys

21:46:29.0626 7808        kbdhid - ok

21:46:29.0713 7808        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

21:46:29.0742 7808        KSecDD - ok

21:46:29.0796 7808        KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

21:46:29.0816 7808        KSecPkg - ok

21:46:29.0935 7808        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:46:30.0024 7808        ksthunk - ok

21:46:30.0142 7808        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:46:30.0233 7808        lltdio - ok

21:46:30.0354 7808        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

21:46:30.0376 7808        LSI_FC - ok

21:46:30.0433 7808        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

21:46:30.0452 7808        LSI_SAS - ok

21:46:30.0519 7808        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

21:46:30.0546 7808        LSI_SAS2 - ok

21:46:30.0601 7808        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

21:46:30.0628 7808        LSI_SCSI - ok

21:46:30.0705 7808        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:46:30.0781 7808        luafv - ok

21:46:30.0947 7808        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

21:46:30.0973 7808        megasas - ok

21:46:31.0032 7808        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

21:46:31.0066 7808        MegaSR - ok

21:46:31.0115 7808        mfeavfk         (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys

21:46:31.0132 7808        mfeavfk - ok

21:46:31.0186 7808        mfehidk         (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys

21:46:31.0215 7808        mfehidk - ok

21:46:31.0312 7808        mferkdk         (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys

21:46:31.0336 7808        mferkdk - ok

21:46:31.0371 7808        mfesmfk         (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys

21:46:31.0389 7808        mfesmfk - ok

21:46:31.0453 7808        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:46:31.0526 7808        Modem - ok

21:46:31.0639 7808        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:46:31.0678 7808        monitor - ok

21:46:31.0750 7808        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

21:46:31.0775 7808        mouclass - ok

21:46:31.0837 7808        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

21:46:31.0881 7808        mouhid - ok

21:46:31.0959 7808        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

21:46:31.0985 7808        mountmgr - ok

21:46:32.0049 7808        MPFP            (dfed96e61756c67533bae6b7d5f8cca3) C:\Windows\system32\Drivers\Mpfp.sys

21:46:32.0073 7808        MPFP - ok

21:46:32.0169 7808        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys

21:46:32.0198 7808        mpio - ok

21:46:32.0249 7808        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:46:32.0326 7808        mpsdrv - ok

21:46:32.0380 7808        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

21:46:32.0436 7808        MRxDAV - ok

21:46:32.0517 7808        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:46:32.0537 7808        mrxsmb - ok

21:46:32.0597 7808        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:46:32.0633 7808        mrxsmb10 - ok

21:46:32.0719 7808        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:46:32.0767 7808        mrxsmb20 - ok

21:46:32.0885 7808        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys

21:46:32.0909 7808        msahci - ok

21:46:32.0961 7808        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys

21:46:32.0989 7808        msdsm - ok

21:46:33.0069 7808        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:46:33.0132 7808        Msfs - ok

21:46:33.0213 7808        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:46:33.0272 7808        mshidkmdf - ok

21:46:33.0318 7808        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:46:33.0343 7808        msisadrv - ok

21:46:33.0488 7808        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:46:33.0555 7808        MSKSSRV - ok

21:46:33.0615 7808        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:46:33.0686 7808        MSPCLOCK - ok

21:46:33.0729 7808        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:46:33.0793 7808        MSPQM - ok

21:46:33.0856 7808        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

21:46:33.0886 7808        MsRPC - ok

21:46:33.0940 7808        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

21:46:33.0969 7808        mssmbios - ok

21:46:34.0007 7808        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:46:34.0078 7808        MSTEE - ok

21:46:34.0157 7808        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

21:46:34.0211 7808        MTConfig - ok

21:46:34.0344 7808        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:46:34.0373 7808        Mup - ok

21:46:34.0489 7808        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:46:34.0540 7808        NativeWifiP - ok

21:46:34.0647 7808        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

21:46:34.0693 7808        NDIS - ok

21:46:34.0734 7808        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:46:34.0802 7808        NdisCap - ok

21:46:34.0938 7808        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:46:35.0005 7808        NdisTapi - ok

21:46:35.0051 7808        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

21:46:35.0131 7808        Ndisuio - ok

21:46:35.0239 7808        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:46:35.0336 7808        NdisWan - ok

21:46:35.0464 7808        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

21:46:35.0541 7808        NDProxy - ok

21:46:35.0626 7808        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:46:35.0697 7808        NetBIOS - ok

21:46:35.0746 7808        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

21:46:35.0796 7808        NetBT - ok

21:46:35.0876 7808        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

21:46:35.0904 7808        nfrd960 - ok

21:46:35.0965 7808        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:46:36.0043 7808        Npfs - ok

21:46:36.0099 7808        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:46:36.0185 7808        nsiproxy - ok

21:46:36.0292 7808        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

21:46:36.0365 7808        Ntfs - ok

21:46:36.0445 7808        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:46:36.0520 7808        Null - ok

21:46:36.0599 7808        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

21:46:36.0618 7808        nvraid - ok

21:46:36.0665 7808        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

21:46:36.0683 7808        nvstor - ok

21:46:36.0748 7808        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:46:36.0767 7808        nv_agp - ok

21:46:36.0819 7808        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:46:36.0858 7808        ohci1394 - ok

21:46:36.0954 7808        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

21:46:36.0976 7808        Parport - ok

21:46:37.0031 7808        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

21:46:37.0060 7808        partmgr - ok

21:46:37.0115 7808        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys

21:46:37.0134 7808        pci - ok

21:46:37.0174 7808        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:46:37.0204 7808        pciide - ok

21:46:37.0254 7808        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

21:46:37.0291 7808        pcmcia - ok

21:46:37.0346 7808        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:46:37.0363 7808        pcw - ok

21:46:37.0431 7808        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:46:37.0518 7808        PEAUTH - ok

21:46:37.0660 7808        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

21:46:37.0727 7808        PptpMiniport - ok

21:46:37.0810 7808        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

21:46:37.0854 7808        Processor - ok

21:46:37.0968 7808        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

21:46:38.0059 7808        Psched - ok

21:46:38.0173 7808        PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys

21:46:38.0195 7808        PxHlpa64 - ok

21:46:38.0287 7808        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

21:46:38.0368 7808        ql2300 - ok

21:46:38.0431 7808        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

21:46:38.0461 7808        ql40xx - ok

21:46:38.0513 7808        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:46:38.0554 7808        QWAVEdrv - ok

21:46:38.0663 7808        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:46:38.0709 7808        RasAcd - ok

21:46:38.0778 7808        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:46:38.0827 7808        RasAgileVpn - ok

21:46:38.0879 7808        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:46:38.0959 7808        Rasl2tp - ok

21:46:39.0027 7808        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:46:39.0124 7808        RasPppoe - ok

21:46:39.0196 7808        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:46:39.0292 7808        RasSstp - ok

21:46:39.0363 7808        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

21:46:39.0445 7808        rdbss - ok

21:46:39.0514 7808        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

21:46:39.0550 7808        rdpbus - ok

21:46:39.0604 7808        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:46:39.0669 7808        RDPCDD - ok

21:46:39.0782 7808        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:46:39.0850 7808        RDPENCDD - ok

21:46:39.0900 7808        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:46:39.0956 7808        RDPREFMP - ok

21:46:39.0994 7808        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

21:46:40.0072 7808        RDPWD - ok

21:46:40.0203 7808        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

21:46:40.0233 7808        rdyboost - ok

21:46:40.0299 7808        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

21:46:40.0358 7808        RFCOMM - ok

21:46:40.0483 7808        rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\DRIVERS\rimssne64.sys

21:46:40.0521 7808        rimspci - ok

21:46:40.0573 7808        risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\DRIVERS\risdsne64.sys

21:46:40.0624 7808        risdsnpe - ok

21:46:40.0752 7808        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:46:40.0824 7808        rspndr - ok

21:46:40.0919 7808        RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys

21:46:40.0945 7808        RTHDMIAzAudService - ok

21:46:41.0058 7808        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys

21:46:41.0085 7808        sbp2port - ok

21:46:41.0183 7808        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

21:46:41.0257 7808        scfilter - ok

21:46:41.0312 7808        sdbus           (4e54822ed2350eb1f31f95f0fd674ef3) C:\Windows\system32\DRIVERS\sdbus.sys

21:46:41.0351 7808        sdbus - ok

21:46:41.0479 7808        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:46:41.0569 7808        secdrv - ok

21:46:41.0636 7808        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

21:46:41.0656 7808        Serenum - ok

21:46:41.0711 7808        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

21:46:41.0754 7808        Serial - ok

21:46:41.0914 7808        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

21:46:41.0964 7808        sermouse - ok

21:46:42.0032 7808        SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys

21:46:42.0055 7808        SFEP - ok

21:46:42.0128 7808        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

21:46:42.0182 7808        sffdisk - ok

21:46:42.0259 7808        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:46:42.0311 7808        sffp_mmc - ok

21:46:42.0369 7808        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys

21:46:42.0429 7808        sffp_sd - ok

21:46:42.0490 7808        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

21:46:42.0542 7808        sfloppy - ok

21:46:42.0671 7808        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

21:46:42.0685 7808        SiSRaid2 - ok

21:46:42.0733 7808        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

21:46:42.0748 7808        SiSRaid4 - ok

21:46:42.0832 7808        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:46:42.0900 7808        Smb - ok

21:46:43.0017 7808        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:46:43.0042 7808        spldr - ok

21:46:43.0145 7808        srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

21:46:43.0190 7808        srv - ok

21:46:43.0243 7808        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

21:46:43.0293 7808        srv2 - ok

21:46:43.0348 7808        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

21:46:43.0392 7808        srvnet - ok

21:46:43.0546 7808        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

21:46:43.0572 7808        stexstor - ok

21:46:43.0639 7808        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

21:46:43.0652 7808        swenum - ok

21:46:43.0724 7808        SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\drivers\SynTP.sys

21:46:43.0740 7808        SynTP - ok

21:46:43.0874 7808        Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

21:46:43.0921 7808        Tcpip - ok

21:46:44.0015 7808        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

21:46:44.0065 7808        TCPIP6 - ok

21:46:44.0113 7808        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

21:46:44.0184 7808        tcpipreg - ok

21:46:44.0249 7808        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:46:44.0331 7808        TDPIPE - ok

21:46:44.0376 7808        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:46:44.0464 7808        TDTCP - ok

21:46:44.0588 7808        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

21:46:44.0663 7808        tdx - ok

21:46:44.0739 7808        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

21:46:44.0753 7808        TermDD - ok

21:46:44.0827 7808        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:46:44.0894 7808        tssecsrv - ok

21:46:44.0954 7808        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

21:46:45.0037 7808        tunnel - ok

21:46:45.0109 7808        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

21:46:45.0127 7808        uagp35 - ok

21:46:45.0192 7808        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

21:46:45.0295 7808        udfs - ok

21:46:45.0405 7808        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:46:45.0433 7808        uliagpkx - ok

21:46:45.0527 7808        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

21:46:45.0578 7808        umbus - ok

21:46:45.0656 7808        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

21:46:45.0697 7808        UmPass - ok

21:46:45.0773 7808        usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

21:46:45.0811 7808        usbccgp - ok

21:46:45.0890 7808        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:46:45.0930 7808        usbcir - ok

21:46:46.0051 7808        usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys

21:46:46.0102 7808        usbehci - ok

21:46:46.0199 7808        usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

21:46:46.0253 7808        usbhub - ok

21:46:46.0322 7808        usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys

21:46:46.0374 7808        usbohci - ok

21:46:46.0480 7808        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:46:46.0531 7808        usbprint - ok

21:46:46.0597 7808        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

21:46:46.0632 7808        usbscan - ok

21:46:46.0706 7808        USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:46:46.0752 7808        USBSTOR - ok

21:46:46.0843 7808        usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

21:46:46.0879 7808        usbuhci - ok

21:46:46.0982 7808        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

21:46:47.0033 7808        usbvideo - ok

21:46:47.0191 7808        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:46:47.0218 7808        vdrvroot - ok

21:46:47.0287 7808        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:46:47.0320 7808        vga - ok

21:46:47.0365 7808        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:46:47.0443 7808        VgaSave - ok

21:46:47.0553 7808        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

21:46:47.0586 7808        vhdmp - ok

21:46:47.0667 7808        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:46:47.0682 7808        viaide - ok

21:46:47.0734 7808        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

21:46:47.0753 7808        volmgr - ok

21:46:47.0825 7808        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

21:46:47.0862 7808        volmgrx - ok

21:46:47.0921 7808        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

21:46:47.0956 7808        volsnap - ok

21:46:48.0000 7808        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

21:46:48.0021 7808        vsmraid - ok

21:46:48.0124 7808        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:46:48.0163 7808        vwifibus - ok

21:46:48.0210 7808        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:46:48.0255 7808        vwififlt - ok

21:46:48.0332 7808        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

21:46:48.0370 7808        vwifimp - ok

21:46:48.0416 7808        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

21:46:48.0460 7808        WacomPen - ok

21:46:48.0578 7808        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

21:46:48.0651 7808        WANARP - ok

21:46:48.0657 7808        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

21:46:48.0704 7808        Wanarpv6 - ok

21:46:48.0790 7808        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

21:46:48.0819 7808        Wd - ok

21:46:48.0883 7808        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:46:48.0941 7808        Wdf01000 - ok

21:46:49.0054 7808        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:46:49.0114 7808        WfpLwf - ok

21:46:49.0168 7808        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:46:49.0195 7808        WIMMount - ok

21:46:49.0330 7808        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:46:49.0383 7808        WmiAcpi - ok

21:46:49.0480 7808        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:46:49.0557 7808        ws2ifsl - ok

21:46:49.0625 7808        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

21:46:49.0692 7808        WudfPf - ok

21:46:49.0814 7808        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:46:49.0884 7808        WUDFRd - ok

21:46:49.0955 7808        yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

21:46:49.0994 7808        yukonw7 - ok

21:46:50.0046 7808        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:46:50.0268 7808        \Device\Harddisk0\DR0 - ok

21:46:50.0273 7808        Boot (0x1200)   (66442b79e7865476874185444d62c789) \Device\Harddisk0\DR0\Partition0

21:46:50.0275 7808        \Device\Harddisk0\DR0\Partition0 - ok

21:46:50.0307 7808        Boot (0x1200)   (2b9cb9c7b5b6176d292f416a3b2e40ee) \Device\Harddisk0\DR0\Partition1

21:46:50.0309 7808        \Device\Harddisk0\DR0\Partition1 - ok

21:46:50.0310 7808        ============================================================

21:46:50.0310 7808        Scan finished

21:46:50.0310 7808        ============================================================

21:46:50.0330 3556        Detected object count: 2

21:46:50.0330 3556        Actual detected object count: 2

so richtig?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-01-16.02 - Vivian 16.01.2012  20:14:19.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2454 [GMT 1:00]

ausgeführt von:: c:\users\Vivian\Downloads\ComboFix.exe

AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Vivian\black.exe

c:\users\Vivian\bucket.tmp

c:\users\Vivian\game.exe

c:\users\Vivian\groum.tmp

c:\users\Vivian\MENU.EXE

c:\users\Vivian\MENUDLL.DLL

c:\users\Vivian\runtutorial.tmp

c:\users\Vivian\score.tmp

c:\users\Vivian\TCVal.tmp

c:\users\Vivian\vetstate.tmp

c:\windows\IsUn0407.exe

c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-16 bis 2012-01-16  ))))))))))))))))))))))))))))))

.

.

2012-01-16 19:26 . 2012-01-16 19:26        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-15 15:58 . 2012-01-15 15:58        --------        d-----w-        C:\_OTL

2012-01-11 23:51 . 2011-10-26 05:22        1572864        ----a-w-        c:\windows\system32\quartz.dll

2012-01-11 23:51 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\SysWow64\quartz.dll

2012-01-11 23:51 . 2011-10-26 05:22        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-01-11 23:51 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-01-11 23:51 . 2011-11-17 07:14        1739160        ----a-w-        c:\windows\system32\ntdll.dll

2012-01-11 23:51 . 2011-11-17 05:41        1292592        ----a-w-        c:\windows\SysWow64\ntdll.dll

2012-01-11 23:51 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll

2012-01-11 23:51 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll

2012-01-11 21:45 . 2012-01-11 21:45        --------        d-----w-        c:\program files (x86)\ESET

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\users\Vivian\AppData\Roaming\Malwarebytes

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\users\Vivian\NeuerOrdner

2012-01-11 20:01 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-09 23:33 . 2011-11-05 05:17        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-01-09 23:33 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-01-09 23:33 . 2011-10-26 05:19        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2012-01-09 22:02 . 2011-10-15 06:25        723456        ----a-w-        c:\windows\system32\EncDec.dll

2012-01-09 22:02 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-24 15:18 . 2011-12-24 15:18        --------        d-----w-        c:\users\Default\AppData\Local\Sony Corporation

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-24 05:00 . 2011-12-14 21:27        3141632        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192]

"ICQ"="c:\users\Vivian\Icq7\ICQ7.2\ICQ.exe" [2011-01-05 133432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]

"McENUI"="c:\progra~2\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-02-23 26624]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-23 149280]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-15 99624]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\users\Vivian\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-12-01 21:03        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]

R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]

.

2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]

.

2011-06-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-07-21 10:22]

.

2011-04-30 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-07-21 10:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 171520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube to MP3 Converter - c:\users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\users\Vivian\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\users\Vivian\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files (x86)\McAfee\SiteAdvisor

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Abenteuer auf dem Reiterhof - c:\windows\IsUn0407.exe

AddRemove-Fünf Freunde 3 - c:\windows\IsUn0407.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-16  20:49:40

ComboFix-quarantined-files.txt  2012-01-16 19:49

.

Vor Suchlauf: 13 Verzeichnis(se), 408.821.174.272 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 408.322.048.000 Bytes frei

.

- - End Of File - - C23C903CAE88082F4269220E76AAFC94

[/CODE]
--- --- ---

Zitat:

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

Sach nicht das Teil war aktiv als CF werkelte!

Combofix Logfile:

Code:

ComboFix 12-01-16.02 - Vivian 17.01.2012  14:10:52.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2646 [GMT 1:00]

ausgeführt von:: c:\users\Vivian\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-17 bis 2012-01-17  ))))))))))))))))))))))))))))))

.

.

2012-01-17 13:16 . 2012-01-17 13:16        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-17 13:16 . 2012-01-17 13:16        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-01-17 13:02 . 2012-01-17 13:02        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F949B8F8-90FD-460B-88B3-4793FF04A339}\offreg.dll

2012-01-17 13:01 . 2011-11-30 01:21        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F949B8F8-90FD-460B-88B3-4793FF04A339}\mpengine.dll

2012-01-17 13:01 . 2011-11-15 13:29        270720        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-15 15:58 . 2012-01-15 15:58        --------        d-----w-        C:\_OTL

2012-01-11 23:51 . 2011-10-26 05:22        1572864        ----a-w-        c:\windows\system32\quartz.dll

2012-01-11 23:51 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\SysWow64\quartz.dll

2012-01-11 23:51 . 2011-10-26 05:22        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-01-11 23:51 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-01-11 23:51 . 2011-11-17 07:14        1739160        ----a-w-        c:\windows\system32\ntdll.dll

2012-01-11 23:51 . 2011-11-17 05:41        1292592        ----a-w-        c:\windows\SysWow64\ntdll.dll

2012-01-11 23:51 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll

2012-01-11 23:51 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll

2012-01-11 21:45 . 2012-01-11 21:45        --------        d-----w-        c:\program files (x86)\ESET

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\users\Vivian\AppData\Roaming\Malwarebytes

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-11 20:01 . 2012-01-11 20:01        --------        d-----w-        c:\users\Vivian\NeuerOrdner

2012-01-11 20:01 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-09 23:33 . 2011-11-05 05:17        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-01-09 23:33 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-01-09 23:33 . 2011-10-26 05:19        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2012-01-09 22:02 . 2011-10-15 06:25        723456        ----a-w-        c:\windows\system32\EncDec.dll

2012-01-09 22:02 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-24 15:18 . 2011-12-24 15:18        --------        d-----w-        c:\users\Default\AppData\Local\Sony Corporation

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-24 05:00 . 2011-12-14 21:27        3141632        ----a-w-        c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-01-16_19.27.20   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-01-17 13:02        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-16 17:26        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-16 17:26        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-17 13:02        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-16 17:26        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-17 13:02        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-29 21:35 . 2012-01-17 13:09        67928              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-17 13:09        35670              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-07-21 20:11 . 2012-01-16 13:04        21270              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4179217827-3366708110-3380199809-1000_UserData.bin

+ 2010-07-21 20:11 . 2012-01-17 13:09        21270              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4179217827-3366708110-3380199809-1000_UserData.bin

- 2010-02-23 07:57 . 2012-01-16 12:57        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-23 07:57 . 2012-01-17 13:08        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-16 12:57        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-17 13:08        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-13 14:11 . 2012-01-17 13:09        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-13 14:11 . 2012-01-16 13:04        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-13 14:11 . 2012-01-17 13:09        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-13 14:11 . 2012-01-16 13:04        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-13 14:11 . 2012-01-17 13:09        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-13 14:11 . 2012-01-16 13:04        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-07-22 14:44 . 2012-01-16 19:10        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-22 14:44 . 2012-01-17 13:09        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-22 14:44 . 2012-01-17 13:09        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-07-22 14:44 . 2012-01-16 19:10        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-01-16 12:57 . 2012-01-16 12:57        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-17 13:02 . 2012-01-17 13:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-16 12:57 . 2012-01-16 12:57        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-17 13:02 . 2012-01-17 13:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-02-23 07:57 . 2012-01-16 12:57        147456              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-02-23 07:57 . 2012-01-17 13:08        147456              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 05:01 . 2012-01-17 13:01        334688              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-15 22:42        334688              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-07-21 20:07 . 2012-01-15 22:08        1249865              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4179217827-3366708110-3380199809-1000-8192.dat

+ 2010-07-21 20:07 . 2012-01-17 13:01        1249865              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4179217827-3366708110-3380199809-1000-8192.dat

- 2009-07-14 02:34 . 2012-01-16 13:20        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-01-17 11:27        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192]

"ICQ"="c:\users\Vivian\Icq7\ICQ7.2\ICQ.exe" [2011-01-05 133432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-02-23 26624]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-23 149280]

"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-15 99624]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\users\Vivian\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-12-01 21:03        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]

R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]

S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]

S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]

.

2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 171520]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube to MP3 Converter - c:\users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\users\Vivian\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\users\Vivian\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-17  14:19:15

ComboFix-quarantined-files.txt  2012-01-17 13:19

ComboFix2.txt  2012-01-16 19:49

.

Vor Suchlauf: 17 Verzeichnis(se), 408.298.872.832 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 408.101.543.936 Bytes frei

.

- - End Of File - - 0B52E851275616944693903C2878495E

[/CODE]
--- --- ---