Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Viele Bluescreens, dann Schlachtmusik (https://www.trojaner-board.de/89060-viele-bluescreens-dann-schlachtmusik.html)

MrBurns 03.08.2010 13:31
Viele Bluescreens, dann Schlachtmusik
 
Hallo!

Ich hab dieses Problem jetzt schon öfter hier gelesen, und auch schon vieles ausprobiert, was in den anderen Threads vorgeschlagen wurde, allerdings hat bis jetzt nichts geholfen.

Vor einigen Tagen ist mein Laptop immer wieder direkt nach dem Hochfahren abgestürzt. Bluescreen mit der Meldung IRQL NOT LESS OR EQUAL. Im Endeffekt konnte ich das umgehen, indem ich jetzt das WLAN statt dem Netzwerkkabel benutze. Als das dann funktioniert hat, kam aber das Schlachtmusik-Problem, das in diesem Forum mehrere haben.

Hier mal mein HiJackLog
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:51, on 03.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Media\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
c:\Users\***\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Media\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O17 - HKLM\Software\..\Telephony: DomainName = aa.swh.mhn.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{36094DB0-41AF-4EBD-AE32-8E295AF1A0FD}: Domain = uni-muenchen.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12176 bytes

CCleaner auch schon ausgeführt.

Außerdem SuperAntiSpyware und Malwarebytes. Die beiden haben ich vorgestern einen vollen Scan machen lassen, da hat er viele Sachen gefunden und gelöscht. Problem war aber nicht behoben.

Dann RSIT durchlaufen lassen, hier rsit info:

[QUOTE]info.txtRSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-08-03 13:24:52

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ac'tivAid v1.3.1-->C:\Program Files\AutoHotkey\AutoHotkey.exe "C:\Program Files\ac'tivAid\ac'tivAid.ahk" uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Premiere Elements 4.0 Templates-->msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates-->MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0-->msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Reader 8.1.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AnyDVD-->"C:\Program Files\Media\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\Media\AnyDVD"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Magic-i Visual Effects Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}\Setup.exe" -l0x7
Atlantis - Sky Patrol (remove only)-->C:\Big Fish Games\Atlantis - Sky Patrol\Uninstall.exe
Attribute Changer 6.10b-->C:\Program Files\Tools\Attribute Changer\uninstall.exe
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Media\Audacity 1.3 Beta (Unicode)\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
AVI Splitter-->"C:\Program Files\Tools\avisplit\unins000.exe"
Avid Codecs LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE64A793-CD35-4950-B878-C9D1A4AC9ECC}\SETUP.exe" -l0x9  -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x7  -removeonly
Big Fish Games Center-->C:\Big Fish Games\Uninstall.exe
Big Fish Games Sudoku (remove only)-->C:\Big Fish Games\sudoku\Uninstall.exe
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x7  -removeonly
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broken Sword 2.5-->"H:\Spiele\Broken Sword 2.5\unins000.exe"
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe"  -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C2 -removeonly
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.3-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\Program Files\Tools\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Citavi 2.5-->C:\Program Files\Tools\Citavi\Deinstallieren.exe
Click to Disc Editor-->C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x0407
Click to Disc-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0007 -removeonly
CloneDVD2-->"C:\Program Files\Media\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Media\CloneDVD2"
Commandos 3 - Destination Berlin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C270BC04-1540-4673-960F-A546B2C860CD}\SETUP.EXE"
COWON D2 User's Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5347403-63C2-4B7A-AF63-AB3FE4F907B7}\Setup.exe" -l0x9
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSD Direct Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}\setup.exe" -l0x7  -removeonly
DSD Direct-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}\setup.exe" -l0x7  -removeonly
DSD Playback Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}\setup.exe" -l0x7  -removeonly
Duden Korrektor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{91BF142C-E8C0-4279-A98D-A61A4404CF56}
Duplicate File Finder 1.1.0.3-->"C:\Program Files\Tools\Duplicate File Finder\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\Tools\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\Media\eMule\Uninstall.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free DVD Video Burner version 2.1-->"C:\Program Files\DVDVideoSoft\Free DVD Video Burner\unins000.exe"
Free Video to DVD Converter version 1.2-->"C:\Program Files\Tools\Free Video to DVD Converter\unins000.exe"
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}\setup.exe" -l0x7 -remove -removeonly
Instant Mode-->C:\Program Files\InstallShield Installation Information\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Mahjong Towers Eternity EU (remove only)-->C:\Big Fish Games\Mahjong Towers Eternity EU\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Tools\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.4)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Prime Suspects (remove only)-->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Office-Bibliothek-->MsiExec.exe /I{5C81B189-5456-40C4-9313-7FE6FA6DD64C}
OpenMG Limited Patch 4.7-07-15-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Setting Utility Series-->"C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0007 -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x7  -removeonly
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x7  -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x7  -removeonly
Sony Ericsson MD300 Wireless Modem-->MsiExec.exe /I{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\setup.exe -runfromtemp -l0x0007 -removeonly
Sony Ericsson Wireless Manager 5-->MsiExec.exe /I{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0007 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TreeSize Free V2.3.1-->"C:\Program Files\Tools\TreeSize Free\unins000.exe"
TweetDeck-->MsiExec.exe /X{362F8AC6-4EA5-C5AC-ED7E-1F49F0EE20D5}
twhirl-->msiexec /qb /x {B73BEEBE-3D94-2634-B5D1-28B8269489FF}
twhirl-->MsiExec.exe /I{B73BEEBE-3D94-2634-B5D1-28B8269489FF}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VAIO Camera Capture Utility-->"C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Content Folder Setting-->"C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{B5E2DF30-1061-4DB4-AF28-08996C8E5680}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Control Center-->"C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Data Restore Tool-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO DVD Menu Data Basic-->C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Event Service-->"C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Launcher-->"C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x0007 -removeonly
Vaio Marketing Tools-->C:\Program Files\Sony\Marketing Tools\Uninstaller.exe /bootstrap
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x7 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO MusicBox Sample Music-->"C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO MusicBox-->"C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Power Management-->"C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -runfromtemp -l0x0007 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x7  -removeonly
VAIO Wallpaper Contents-->"C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x0007 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual Villagers (remove only)-->C:\Big Fish Games\Virtual Villagers\Uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.1-->C:\Program Files\Media\VLC\uninstall.exe
Vuze-->C:\Program Files\Media\Azureus\uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.2000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_0efc767c\grmnusb.inf
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD BD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinX Video Converter 4.4.5-->"C:\Program Files\Tools\WinX_Video_Converter\unins000.exe"
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x7  -removeonly

======Security center information======

AS: Avira AntiVir PersonalEdition
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows-Defender (disabled)

======System event log======

Computer Name: ***
Event Code: 33
Message: Die älteste Schattenkopie von Volume "C:" wurde gelöscht, um den Datenträger-Speicherplatz für Schattenkopien auf Volume "C:" unterhalb des benutzerdfinierten Limits zu belassen.
Record Number: 234879
Source Name: volsnap
Time Written: 20100205230554.714000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Beendet".
Record Number: 234878
Source Name: Service Control Manager
Time Written: 20100205230341.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Microsoft-Softwareschattenkopie-Anbieter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 234877
Source Name: Service Control Manager
Time Written: 20100205230001.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 234876
Source Name: Service Control Manager
Time Written: 20100205230001.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 234875
Source Name: Service Control Manager
Time Written: 20100205222655.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***
Event Code: 0
Message:
Record Number: 5100
Source Name: VAIO Event Service
Time Written: 20080529070250.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7
Message: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Record Number: 5099
Source Name: VzCdbSvc
Time Written: 20080529070250.000000-000
Event Type: Fehler
User:

Computer Name: ***
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 5098
Source Name: Microsoft-Windows-WMI
Time Written: 20080529070249.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 0
Message:
Record Number: 5097
Source Name: IviRegMgr
Time Written: 20080529070247.000000-000
Event Type: Informationen
User:

Computer Name: ***
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 5096
Source Name: Avira AntiVir
Time Written: 20080529070246.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: ***
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                ***
        Kontodomäne:                ***
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x2a4
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 43926
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620085415.820555-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                ***
        Kontodomäne:                ***
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Zielserver:
        Zielservername:        localhost
        Weitere Informationen:        localhost

Prozessinformationen:
        Prozess-ID:                0x2a4
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Netzwerkadresse:        -
        Port:                        -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 43925
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620085415.820555-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7

Berechtigungen:                SeAssignPrimaryTokenPrivilege
                        SeTcbPrivilege
                        SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeAuditPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 43924
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620085415.773755-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                ***
        Kontodomäne:                ***
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x2a4
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 43923
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620085415.773755-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                ***
        Kontodomäne:                ***
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Zielserver:
        Zielservername:        localhost
        Weitere Informationen:        localhost

Prozessinformationen:
        Prozess-ID:                0x2a4
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Netzwerkadresse:        -
        Port:                        -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 43922
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620085415.773755-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Media\Quicktime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
--- --- ---


und hier rsit log:

RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-08-03 13:24:46
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 20 GB (11%) free of 180 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:50, on 03.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Media\iTunes\iTunesHelper.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Media\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Media\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O17 - HKLM\Software\..\Telephony: DomainName = aa.swh.mhn.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{36094DB0-41AF-4EBD-AE32-8E295AF1A0FD}: Domain = uni-muenchen.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12059 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D7D98F91-450C-49D3-BB4B-0438F4214718}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}]
Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\BAE.dll [2006-06-23 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"QuickTime Task"=C:\Program Files\Media\Quicktime\QTTask.exe [2010-03-17 421888]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-30 86016]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-29 1085440]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-30 81920]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-30 8429568]
"iTunesHelper"=C:\Program Files\Media\iTunes\iTunesHelper.exe [2010-06-15 141624]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-09-19 311296]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ac'tivAid.lnk - C:\Program Files\ac'tivAid\ac'tivAid.ahk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=4
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-03 13:24:46 ----D---- C:\rsit
2010-08-03 13:24:46 ----D---- C:\Program Files\trend micro
2010-08-03 13:03:24 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-03 13:03:22 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-03 10:44:58 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 19:16:58 ----D---- C:\Windows\ERDNT
2010-08-02 18:50:56 ----D---- C:\Program Files\7-Zip
2010-08-02 18:29:25 ----A---- C:\Windows\system32\bootkit_remover_debug_log.txt
2010-08-01 13:12:37 ----D---- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-08-01 13:12:37 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-08-01 13:08:28 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-08-01 13:08:18 ----D---- C:\ProgramData\Malwarebytes
2010-08-01 13:03:58 ----A---- C:\Windows\system32\remover.exe
2010-07-31 11:52:22 ----ASH---- C:\hiberfil.sys
2010-07-31 11:10:58 ----D---- C:\Users\***\AppData\Roaming\Avira
2010-07-31 11:10:27 ----D---- C:\ProgramData\Avira
2010-07-31 11:10:27 ----D---- C:\Program Files\Avira
2010-07-31 11:10:27 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-07-31 11:10:27 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-07-31 11:10:27 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-07-31 11:10:27 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-07-31 07:43:28 ----D---- C:\Windows\pss

======List of files/folders modified in the last 1 months======

2010-08-03 13:24:50 ----D---- C:\Windows\Prefetch
2010-08-03 13:24:46 ----RD---- C:\Program Files
2010-08-03 13:23:40 ----D---- C:\Program Files\ac'tivAid
2010-08-03 13:23:04 ----D---- C:\Windows\Temp
2010-08-03 13:17:05 ----RSD---- C:\Windows\Media
2010-08-03 13:17:05 ----D---- C:\Windows\system32\drivers
2010-08-03 13:10:01 ----D---- C:\Windows
2010-08-03 13:03:22 ----D---- C:\Program Files\Tools
2010-08-03 12:55:40 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-03 12:55:35 ----D---- C:\Windows\Minidump
2010-08-03 12:55:35 ----D---- C:\Windows\Debug
2010-08-03 12:50:14 ----D---- C:\Windows\System32
2010-08-03 12:50:14 ----D---- C:\Windows\inf
2010-08-03 12:50:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-03 12:41:27 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-08-03 12:38:07 ----D---- C:\Windows\winsxs
2010-08-03 12:37:23 ----SHD---- C:\System Volume Information
2010-08-03 12:34:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-03 12:33:57 ----D---- C:\Windows\system32\catroot2
2010-08-03 12:33:57 ----D---- C:\Windows\system32\catroot
2010-08-03 12:33:05 ----D---- C:\Program Files\AskBarDis
2010-08-03 12:32:16 ----D---- C:\Users\***\AppData\Roaming\Samsung
2010-08-03 12:32:05 ----SHD---- C:\Windows\Installer
2010-08-03 11:08:31 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-02 18:21:19 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-08-02 16:09:46 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-08-01 20:37:25 ----D---- C:\Windows\ServiceProfiles
2010-08-01 13:12:37 ----HD---- C:\ProgramData
2010-07-30 20:55:06 ----D---- C:\Program Files\Mozilla Firefox
2010-07-29 09:20:22 ----D---- C:\Program Files\Windows Mail
2010-07-28 18:18:15 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-07-23 16:16:54 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-07-19 15:49:28 ----D---- C:\Film
2010-07-18 15:30:20 ----D---- C:\Bilder
2010-07-08 14:44:01 ----D---- C:\ProgramData\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-03-01 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-12-29 717296]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-09-19 10216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-07-12 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-04-17 306299]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-10-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-05 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-04 99648]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-05 207360]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-19 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-30 7115072]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-10-27 330240]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-05 659968]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-10-05 246784]
S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys []
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 afmhedhq;afmhedhq; C:\Windows\system32\drivers\afmhedhq.sys []
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-10-10 81448]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-10-10 99880]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-10-10 17448]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-03-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-03-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-03-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-03-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-03-11 79488]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 sembbus;SEMC WMC Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); C:\Windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; C:\Windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; C:\Windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); C:\Windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); C:\Windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); C:\Windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
S3 SEMCReserved;SEMC Reserved Interface; C:\Windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; C:\Windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-02-13 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-07-31 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-10-27 102400]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-08-28 192512]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-08-28 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-05 386560]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-11 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-12 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-02 1838592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
--- --- ---


Danke für die Hilfe!

Larusso 03.08.2010 18:09
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Poste mir bitte die aktuelle Logfile von Malwarebytes
Starte Malwarebytes--> Reiter Scan-Berichte--> klick auf den aktuellsten Bericht--> es öffnet sich automatisch ein Text-Dokument


Schritt 2

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

MrBurns 03.08.2010 22:22
Hallo Daniel,
danke für Deine Antwort!

Ah richtig, Malwarebytes-Log.

Ich hatte heute Nachmittag einen Quickscan gemacht, hier der Log davon:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4384

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.08.2010 13:14:29
mbam-log-2010-08-03 (13-14-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138631
Laufzeit: 9 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\downloads\activaid_v131.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Später, als alle paar Minuten diese Musik aus den Lautsprechern kam, wollte ich was unternehmen und hab einen Vollscan gemacht, dazu ist hier der Log:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4384

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.08.2010 19:38:39
mbam-log-2010-08-03 (19-38-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 304334
Laufzeit: 1 Stunde(n), 43 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Dann noch MBRCheck gemacht, inkl. Neustart danach. Log:

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-FZ31L
Logical Drives Mask: 0x00000074

Kernel Drivers (total 170):
0x82812000 \SystemRoot\system32\ntkrnlpa.exe
0x82BCB000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x80612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80682000 \SystemRoot\system32\PSHED.dll
0x80693000 \SystemRoot\system32\BOOTVID.dll
0x8069B000 \SystemRoot\system32\CLFS.SYS
0x806DC000 \SystemRoot\system32\CI.dll
0x82E0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E8B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E98000 \SystemRoot\System32\Drivers\spay.sys
0x82F98000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82FA1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x88607000 \SystemRoot\system32\drivers\acpi.sys
0x8864D000 \SystemRoot\system32\drivers\msisadrv.sys
0x88655000 \SystemRoot\system32\drivers\pci.sys
0x8867C000 \SystemRoot\System32\drivers\partmgr.sys
0x8868B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8868E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88698000 \SystemRoot\system32\drivers\volmgr.sys
0x886A7000 \SystemRoot\System32\drivers\volmgrx.sys
0x886F1000 \SystemRoot\system32\drivers\intelide.sys
0x886F8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x88706000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x88733000 \SystemRoot\System32\drivers\mountmgr.sys
0x88743000 \SystemRoot\system32\drivers\iastorv.sys
0x8880F000 \SystemRoot\system32\drivers\iastor.sys
0x888CD000 \SystemRoot\system32\drivers\atapi.sys
0x888D5000 \SystemRoot\system32\drivers\ataport.SYS
0x888F3000 \SystemRoot\system32\drivers\fltmgr.sys
0x88925000 \SystemRoot\system32\drivers\fileinfo.sys
0x88935000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8893E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A06000 \SystemRoot\system32\drivers\ndis.sys
0x88B11000 \SystemRoot\system32\drivers\msrpc.sys
0x88B3C000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C01000 \SystemRoot\System32\drivers\tcpip.sys
0x88CEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F18000 \SystemRoot\system32\drivers\volsnap.sys
0x88F51000 \SystemRoot\System32\Drivers\spldr.sys
0x88F59000 \SystemRoot\System32\Drivers\mup.sys
0x88F68000 \SystemRoot\System32\drivers\ecache.sys
0x88F8F000 \SystemRoot\system32\drivers\disk.sys
0x88FA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88FC1000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FE2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88FFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CC01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D2CB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D36C000 \SystemRoot\System32\drivers\watchdog.sys
0x8D378000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D383000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D3C1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D403000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D82A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D869000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D879000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D887000 \SystemRoot\system32\drivers\ti21sony.sys
0x8D953000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8D956000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D969000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D974000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8D99D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D9A8000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x8D9AA000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x8D9C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D9D9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D490000 \SystemRoot\System32\Drivers\a4nsffj9.SYS
0x8D9DF000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8D4C6000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8D4CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D4FD000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D53E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D549000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D560000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D56B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D58E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D59D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D5B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D5C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D9FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D5D6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D3D0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D3DA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88DC4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D3E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x88B77000 \SystemRoot\system32\drivers\stwrt.sys
0x88BCC000 \SystemRoot\system32\drivers\portcls.sys
0x889AF000 \SystemRoot\system32\drivers\drmk.sys
0x807BC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FC09000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FD0C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FDC0000 \SystemRoot\system32\drivers\modem.sys
0x8FDCD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FDD6000 \SystemRoot\System32\Drivers\Null.SYS
0x8FDDD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FDED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FDF4000 \SystemRoot\System32\drivers\vga.sys
0x889D4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FC00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FDE4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88FD7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x889F5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x887E3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x82FC7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D600000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x82FDE000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
0x90204000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90225000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
0x90230000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90239000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90249000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9049B000 \SystemRoot\system32\DRIVERS\smb.sys
0x904AF000 \SystemRoot\system32\drivers\afd.sys
0x904F7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90529000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9053F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9054D000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x90553000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90566000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9056C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x905A8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x905B2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x905B7000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x905B8000 \SystemRoot\System32\Drivers\dfsc.sys
0x905CF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x905F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88D06000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98000000 \SystemRoot\System32\win32k.sys
0x90400000 \SystemRoot\System32\drivers\Dxapi.sys
0x903C0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98220000 \SystemRoot\System32\TSDDD.dll
0x98240000 \SystemRoot\System32\cdd.dll
0x903CF000 \SystemRoot\system32\drivers\luafv.sys
0x903EA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x80C09000 \SystemRoot\system32\drivers\spsys.sys
0x80CB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80CF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80CFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80D10000 \SystemRoot\system32\drivers\HTTP.sys
0x80D7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80D9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80DB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80DC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x8240F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8242E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x82467000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8247F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x824A6000 \SystemRoot\System32\DRIVERS\srv.sys
0x8250C000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0x8259C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1601000 \SystemRoot\system32\drivers\peauth.sys
0xA16DF000 \SystemRoot\system32\drivers\regi.sys
0xA16E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA16EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA16F7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA16FF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA1714000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA1726000 \SystemRoot\system32\drivers\tdtcp.sys
0xA1731000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA173D000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA1770000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D602000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0xA1786000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x77CB0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 66):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
524 csrss.exe
576 C:\Windows\System32\wininit.exe
584 csrss.exe
620 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\winlogon.exe
1128 C:\Windows\System32\audiodg.exe
1160 C:\Windows\System32\SLsvc.exe
1200 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\spoolsv.exe
1532 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1548 C:\Windows\System32\svchost.exe
1772 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 C:\Program Files\Bonjour\mDNSResponder.exe
1852 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1880 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2008 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
336 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\stacsv.exe
2084 C:\Windows\System32\svchost.exe
2184 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2192 C:\Windows\System32\svchost.exe
2240 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2260 C:\Windows\System32\svchost.exe
2304 C:\Windows\System32\SearchIndexer.exe
2348 C:\Windows\System32\drivers\XAudio.exe
2384 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2644 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
2776 WUDFHost.exe
2844 C:\Windows\System32\taskeng.exe
3084 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
3384 C:\Windows\System32\dwm.exe
3416 C:\Windows\System32\taskeng.exe
3464 C:\Windows\explorer.exe
3920 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
3940 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
3952 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
2620 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3948 C:\Program Files\Apoint\Apoint.exe
3900 C:\Windows\System32\rundll32.exe
2876 C:\Program Files\Media\iTunes\iTunesHelper.exe
308 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
3436 C:\Windows\System32\rundll32.exe
2948 WmiPrvSE.exe
1436 C:\Program Files\Apoint\ApMsgFwd.exe
304 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
648 C:\Program Files\Apoint\ApntEx.exe
1760 C:\Windows\System32\wbem\unsecapp.exe
2124 C:\Program Files\iPod\bin\iPodService.exe
5016 C:\Program Files\Mozilla Firefox\firefox.exe
5332 C:\Windows\System32\conime.exe
5828 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a2a00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B54B3AC0ADE4B8ABBDCB812292C74DAA2C204010


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Larusso 03.08.2010 23:46
Lösche bitte die vorhandenen MBRCheck.txt.

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • PLease select the MBR code to write to this drive: 3
Die rot eingerahmten Zahlen aus der Anleitung entnehmen!!!
http://img831.imageshack.us/img831/5659/mbr.jpg
  • Gib nun Yes ein und bestätige mit ENTER.
  • Starte den Rechner neu auf.
Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

MrBurns 04.08.2010 11:27
Ok, erledigt. Hier das erste Dokument:

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-FZ31L
Logical Drives Mask: 0x00000074

Kernel Drivers (total 170):
0x82840000 \SystemRoot\system32\ntkrnlpa.exe
0x8280D000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x82E05000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E81000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E8E000 \SystemRoot\System32\Drivers\sprg.sys
0x82F8E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82F97000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B7000 \SystemRoot\system32\drivers\acpi.sys
0x82FBD000 \SystemRoot\system32\drivers\msisadrv.sys
0x82FC5000 \SystemRoot\system32\drivers\pci.sys
0x82FEC000 \SystemRoot\System32\drivers\partmgr.sys
0x82FFB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88607000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88611000 \SystemRoot\system32\drivers\volmgr.sys
0x88620000 \SystemRoot\System32\drivers\volmgrx.sys
0x8866A000 \SystemRoot\system32\drivers\intelide.sys
0x88671000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8867F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x886AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x886BC000 \SystemRoot\system32\drivers\iastorv.sys
0x88801000 \SystemRoot\system32\drivers\iastor.sys
0x888BF000 \SystemRoot\system32\drivers\atapi.sys
0x888C7000 \SystemRoot\system32\drivers\ataport.SYS
0x888E5000 \SystemRoot\system32\drivers\fltmgr.sys
0x88917000 \SystemRoot\system32\drivers\fileinfo.sys
0x88927000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88930000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A0E000 \SystemRoot\system32\drivers\ndis.sys
0x88B19000 \SystemRoot\system32\drivers\msrpc.sys
0x88B44000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C04000 \SystemRoot\System32\drivers\tcpip.sys
0x88CEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F1E000 \SystemRoot\system32\drivers\volsnap.sys
0x88F57000 \SystemRoot\System32\Drivers\spldr.sys
0x88F5F000 \SystemRoot\System32\Drivers\mup.sys
0x88F6E000 \SystemRoot\System32\drivers\ecache.sys
0x88F95000 \SystemRoot\system32\drivers\disk.sys
0x88FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88FC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FE8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FF1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88E00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D00D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D6D7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D778000 \SystemRoot\System32\drivers\watchdog.sys
0x8D784000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D78F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D7CD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8875C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CC2A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8CC69000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CC79000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CC87000 \SystemRoot\system32\drivers\ti21sony.sys
0x8CD53000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8CD56000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CD69000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CD74000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8CD9D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CDA8000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x8CDAA000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x8CDC1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CDD9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x88DC7000 \SystemRoot\System32\Drivers\aisr6174.SYS
0x8CDDF000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8D7DC000 \SystemRoot\system32\DRIVERS\serscan.sys
0x88B7F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88BAE000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D7E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x889A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x889B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88BEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x889DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x887E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x889EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CDFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DE0C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DE36000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DE40000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DE4D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DE82000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DE93000 \SystemRoot\system32\drivers\stwrt.sys
0x8DEE8000 \SystemRoot\system32\drivers\portcls.sys
0x8DF15000 \SystemRoot\system32\drivers\drmk.sys
0x8DF3A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FC0A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FD0D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FDC1000 \SystemRoot\system32\drivers\modem.sys
0x8FDCE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FDD7000 \SystemRoot\System32\Drivers\Null.SYS
0x8FDDE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FDEE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DF77000 \SystemRoot\System32\drivers\vga.sys
0x8DF83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FDF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DFA4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DFAF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FDE5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DFBD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DFD3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FDFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DFEA000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
0x90008000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90029000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
0x90034000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9003D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9004D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9029B000 \SystemRoot\system32\DRIVERS\smb.sys
0x902AF000 \SystemRoot\system32\drivers\afd.sys
0x902F7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90329000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9033F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9034D000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x90353000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90366000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9036C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x903A8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x903B2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x903B7000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x903B8000 \SystemRoot\System32\Drivers\dfsc.sys
0x903CF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x903F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88D09000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x99400000 \SystemRoot\System32\win32k.sys
0x90200000 \SystemRoot\System32\drivers\Dxapi.sys
0x901C4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99620000 \SystemRoot\System32\TSDDD.dll
0x99640000 \SystemRoot\System32\cdd.dll
0x901D3000 \SystemRoot\system32\drivers\luafv.sys
0x88FD0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x80C0E000 \SystemRoot\system32\drivers\spsys.sys
0x80CBE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CCE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80CF8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80D02000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80D15000 \SystemRoot\system32\drivers\HTTP.sys
0x80D82000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80D9F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80DB8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80DCD000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0009000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0028000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0061000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0079000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA00A0000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0106000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA0196000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1208000 \SystemRoot\system32\drivers\peauth.sys
0xA12E6000 \SystemRoot\system32\drivers\regi.sys
0xA12E8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA12F2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA12FE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA1306000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA131B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA132D000 \SystemRoot\system32\drivers\tdtcp.sys
0xA1338000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA1344000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA1377000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0xA1381000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x77390000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 68):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
584 csrss.exe
636 C:\Windows\System32\wininit.exe
644 csrss.exe
680 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\winlogon.exe
1132 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\SLsvc.exe
1264 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\spoolsv.exe
1620 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1640 C:\Windows\System32\svchost.exe
1860 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1876 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1896 C:\Program Files\Bonjour\mDNSResponder.exe
1920 C:\Windows\System32\svchost.exe
1932 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1996 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2044 C:\Windows\System32\svchost.exe
560 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\stacsv.exe
828 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2148 C:\Windows\System32\svchost.exe
2156 C:\Windows\System32\svchost.exe
2192 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2212 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2240 C:\Windows\System32\svchost.exe
2268 C:\Windows\System32\SearchIndexer.exe
2332 C:\Windows\System32\drivers\XAudio.exe
2444 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2568 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
2712 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
2756 WUDFHost.exe
2904 C:\Windows\System32\taskeng.exe
3888 WmiPrvSE.exe
3644 C:\Windows\System32\taskeng.exe
4008 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
1300 C:\Windows\System32\dwm.exe
2308 C:\Windows\explorer.exe
4032 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3208 C:\Program Files\Apoint\Apoint.exe
3752 C:\Windows\System32\rundll32.exe
3216 C:\Windows\System32\rundll32.exe
3692 C:\Program Files\Media\iTunes\iTunesHelper.exe
2108 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
324 C:\Program Files\Apoint\ApMsgFwd.exe
308 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3144 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
2960 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
1928 C:\Program Files\Apoint\ApntEx.exe
4148 C:\Windows\System32\wbem\unsecapp.exe
4788 C:\Program Files\iPod\bin\iPodService.exe
5228 C:\Windows\System32\mobsync.exe
4636 C:\Program Files\Mozilla Firefox\firefox.exe
5720 taskeng.exe
5308 C:\Users\***\Desktop\MBRCheck.exe
5224 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a2a00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B54B3AC0ADE4B8ABBDCB812292C74DAA2C204010


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Und hier das zweite (War es richtig, einfach nur kurz das Programm zu öffnen, ohne die ganze Routine durchzugehen?)

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-FZ31L
Logical Drives Mask: 0x00000074

Kernel Drivers (total 169):
0x82850000 \SystemRoot\system32\ntkrnlpa.exe
0x8281D000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x82E06000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E82000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E8F000 \SystemRoot\System32\Drivers\spga.sys
0x82F8F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82F98000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B7000 \SystemRoot\system32\drivers\acpi.sys
0x82FBE000 \SystemRoot\system32\drivers\msisadrv.sys
0x82FC6000 \SystemRoot\system32\drivers\pci.sys
0x82FED000 \SystemRoot\System32\drivers\partmgr.sys
0x82FFC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8860B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88615000 \SystemRoot\system32\drivers\volmgr.sys
0x88624000 \SystemRoot\System32\drivers\volmgrx.sys
0x8866E000 \SystemRoot\system32\drivers\intelide.sys
0x88675000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x88683000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x886B0000 \SystemRoot\System32\drivers\mountmgr.sys
0x886C0000 \SystemRoot\system32\drivers\iastorv.sys
0x88804000 \SystemRoot\system32\drivers\iastor.sys
0x888C2000 \SystemRoot\system32\drivers\atapi.sys
0x888CA000 \SystemRoot\system32\drivers\ataport.SYS
0x888E8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8891A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8892A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88933000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A02000 \SystemRoot\system32\drivers\ndis.sys
0x88B0D000 \SystemRoot\system32\drivers\msrpc.sys
0x88B38000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C03000 \SystemRoot\System32\drivers\tcpip.sys
0x88CED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F1E000 \SystemRoot\system32\drivers\volsnap.sys
0x88F57000 \SystemRoot\System32\Drivers\spldr.sys
0x88F5F000 \SystemRoot\System32\Drivers\mup.sys
0x88F6E000 \SystemRoot\System32\drivers\ecache.sys
0x88F95000 \SystemRoot\system32\drivers\disk.sys
0x88FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88FC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FE8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FF1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88E00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C804000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CECE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF6F000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF7B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CF86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CFC4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B73000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D22B000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D26A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D27A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D288000 \SystemRoot\system32\drivers\ti21sony.sys
0x8D354000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8D357000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D36A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D375000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8D39E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D3A9000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x8D3AB000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x8D3C2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D3DA000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x88DC6000 \SystemRoot\System32\Drivers\am379zp8.SYS
0x8D3E0000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8CFD3000 \SystemRoot\system32\DRIVERS\serscan.sys
0x889A4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88760000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CFDB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CFE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x889D3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x887A1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x889DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x887C4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x887D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x889ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D3FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D805000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D82F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D839000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D846000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D87B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D88C000 \SystemRoot\system32\drivers\stwrt.sys
0x8D8E1000 \SystemRoot\system32\drivers\portcls.sys
0x8D90E000 \SystemRoot\system32\drivers\drmk.sys
0x8D933000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F604000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F707000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F7BB000 \SystemRoot\system32\drivers\modem.sys
0x8F7C8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F7D1000 \SystemRoot\System32\Drivers\Null.SYS
0x8F7D8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F7E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F7EF000 \SystemRoot\System32\drivers\vga.sys
0x8D970000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F7DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D991000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D999000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D9A4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D9B2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D9BB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D9D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F7FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D9E8000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
0x8FA06000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FA27000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
0x8FA32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FA3B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FA4B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90091000 \SystemRoot\system32\DRIVERS\smb.sys
0x900A5000 \SystemRoot\system32\drivers\afd.sys
0x900ED000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9011F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90135000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90143000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x90149000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9015C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90162000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9019E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x901A8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x901AD000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x901AE000 \SystemRoot\System32\Drivers\dfsc.sys
0x901C5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x901E7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88D08000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x986F0000 \SystemRoot\System32\win32k.sys
0x901F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FBC2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98910000 \SystemRoot\System32\TSDDD.dll
0x98930000 \SystemRoot\System32\cdd.dll
0x8FBD1000 \SystemRoot\system32\drivers\luafv.sys
0x88FD0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x82004000 \SystemRoot\system32\drivers\spsys.sys
0x820B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x820C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x820EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x820F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8210B000 \SystemRoot\system32\drivers\HTTP.sys
0x82178000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x82195000 \SystemRoot\system32\DRIVERS\bowser.sys
0x821AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x821C3000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0009000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0028000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0061000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0079000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA00A0000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0106000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA0196000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA160C000 \SystemRoot\system32\drivers\peauth.sys
0xA16EA000 \SystemRoot\system32\drivers\regi.sys
0xA16EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA16F6000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1702000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA170A000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA171F000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA1731000 \SystemRoot\system32\drivers\tdtcp.sys
0xA173C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA1748000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA177B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D000000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x77AF0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 69):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
560 csrss.exe
612 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\winlogon.exe
1024 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1200 C:\Windows\System32\SLsvc.exe
1224 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\spoolsv.exe
1608 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1620 C:\Windows\System32\svchost.exe
1724 C:\Windows\System32\svchost.exe
1952 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2004 C:\Program Files\Bonjour\mDNSResponder.exe
2024 C:\Windows\System32\svchost.exe
2036 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
388 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
676 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1160 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\stacsv.exe
2184 C:\Windows\System32\svchost.exe
2200 C:\Windows\System32\svchost.exe
2232 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2252 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2292 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\SearchIndexer.exe
2476 C:\Windows\System32\drivers\XAudio.exe
2660 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
2792 C:\Windows\System32\dwm.exe
2844 C:\Windows\explorer.exe
2908 WUDFHost.exe
2916 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2960 C:\Windows\System32\taskeng.exe
3032 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
3096 C:\Windows\System32\taskeng.exe
3468 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3512 C:\Program Files\Apoint\Apoint.exe
3536 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3568 C:\Windows\System32\rundll32.exe
3676 C:\Program Files\Media\iTunes\iTunesHelper.exe
3684 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
3824 C:\Windows\System32\rundll32.exe
3884 C:\Program Files\Apoint\ApMsgFwd.exe
3892 WmiPrvSE.exe
4024 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
4040 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
4064 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3788 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
1876 C:\Program Files\Apoint\ApntEx.exe
784 WmiPrvSE.exe
4200 C:\Windows\System32\wbem\unsecapp.exe
5164 C:\Windows\System32\SearchProtocolHost.exe
5208 C:\Windows\System32\SearchFilterHost.exe
5808 C:\Program Files\iPod\bin\iPodService.exe
4304 C:\Users\***\Desktop\MBRCheck.exe
4192 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a2a00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B54B3AC0ADE4B8ABBDCB812292C74DAA2C204010


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Hat sich da was getan?

Larusso 04.08.2010 12:33
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

MrBurns 04.08.2010 13:50
Ok, ich denke das hat geklappt wie es sollte.
Ich hoffe wegen Avira passt alles, ich hatte es, wie Du gesagt hattest, einfach in der Taskleiste deaktiviert, aber Combo-Fix hat trotzdem noch gewarnt. Also hab ich die Avira-Prozesse im Taskmanager manuell beendet, dann erst auf OK geklickt.

Hier ist das Combo-Fix Log:

Combofix Logfile:
Code:
ComboFix 10-08-03.04 - *** 04.08.2010  14:28:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1292 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\Combo-Fix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-04 bis 2010-08-04  ))))))))))))))))))))))))))))))
.

2010-08-04 12:39 . 2010-08-04 12:39        --------        d-----w-        c:\users\***\AppData\Local\temp
2010-08-04 12:39 . 2010-08-04 12:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-02 16:50 . 2010-08-02 16:50        --------        d-----w-        c:\program files\7-Zip
2010-08-01 11:13 . 2010-08-01 11:13        63488        ----a-w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-01 11:13 . 2010-08-01 11:13        52224        ----a-w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-01 11:13 . 2010-08-01 11:13        117760        ----a-w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-01 11:12 . 2010-08-01 11:12        --------        d-----w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-08-01 11:12 . 2010-08-01 11:12        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-01 11:08 . 2010-08-01 11:08        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-08-01 11:08 . 2010-08-01 11:08        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-01 11:03 . 2010-07-21 17:50        81920        ----a-w-        c:\windows\system32\remover.exe
2010-07-31 09:10 . 2010-07-31 09:10        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2010-07-31 09:10 . 2010-07-31 09:10        --------        d-----w-        c:\programdata\Avira
2010-07-31 09:10 . 2010-07-31 09:10        --------        d-----w-        c:\program files\Avira
2010-07-31 09:10 . 2010-03-01 07:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-07-31 09:10 . 2010-02-16 11:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-07-31 09:10 . 2009-05-11 09:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-07-31 09:10 . 2009-05-11 09:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 12:24 . 2007-11-02 09:52        2140        ----a-w-        c:\windows\bthservsdp.dat
2010-08-04 10:25 . 2006-11-02 15:33        628742        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-04 10:25 . 2006-11-02 15:33        126260        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-04 10:20 . 2008-09-14 13:09        --------        d-----w-        c:\program files\ac'tivAid
2010-08-04 10:12 . 2008-03-08 14:00        308516        ----a-w-        c:\users\***\AppData\Roaming\nvModes.dat
2010-08-03 11:55 . 2009-02-02 20:47        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-08-03 11:24 . 2010-08-03 11:24        --------        d-----w-        c:\program files\trend micro
2010-08-03 11:03 . 2009-06-12 10:49        --------        d-----w-        c:\program files\Tools
2010-08-03 10:34 . 2007-11-02 10:39        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-03 10:33 . 2009-11-17 20:33        --------        d-----w-        c:\program files\AskBarDis
2010-08-03 10:32 . 2008-05-12 21:22        --------        d-----w-        c:\users\***\AppData\Roaming\Samsung
2010-08-03 09:08 . 2010-03-27 06:38        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-08-02 16:21 . 2008-03-08 17:31        --------        d-----w-        c:\users\***\AppData\Roaming\Skype
2010-08-02 14:09 . 2008-11-12 22:34        --------        d-----w-        c:\users\***\AppData\Roaming\skypePM
2010-07-31 09:41 . 2008-03-08 14:00        2032        ----a-w-        c:\users\***\AppData\Local\d3d9caps.dat
2010-07-29 07:20 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-07-28 16:18 . 2009-08-12 11:23        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2010-07-23 14:16 . 2008-04-18 20:43        --------        d-----w-        c:\users\***\AppData\Roaming\dvdcss
2010-07-08 12:44 . 2008-10-07 21:00        --------        d-----w-        c:\programdata\DVD Shrink
2010-06-26 07:20 . 2007-11-02 12:32        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-19 14:58 . 2010-04-12 17:17        --------        d-----w-        c:\program files\Brother
2010-06-18 09:00 . 2009-06-21 11:22        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2010-06-18 08:10 . 2010-06-18 08:10        --------        d-----w-        c:\program files\iPod
2010-06-18 08:10 . 2008-05-30 14:42        --------        d-----w-        c:\program files\Common Files\Apple
2010-06-18 08:05 . 2010-06-18 08:05        --------        d-----w-        c:\program files\Bonjour
2010-06-18 08:02 . 2010-06-18 08:02        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-10 08:35 . 2007-11-02 12:31        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-03 02:41 . 2010-06-03 02:41        3600384        ----a-w-        c:\windows\system32\GPhotos.scr
2010-05-26 17:06 . 2010-06-10 07:20        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 07:20        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:14        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"QuickTime Task"="c:\program files\Media\Quicktime\QTTask.exe" [2010-03-17 421888]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568]
"iTunesHelper"="c:\program files\Media\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ac'tivAid.lnk - c:\program files\ac'tivAid\ac'tivAid.ahk [2008-6-5 495612]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2010-1-31 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-03-02 08:28        282792        ----a-w-        c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):34,dd,19,98,b9,3a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-987963808-153773845-4039585465-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
R3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-29 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 13:43]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 13:43]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{D7D98F91-450C-49D3-BB4B-0438F4214718}.job
- c:\windows\system32\msfeedssync.exe [2008-05-21 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\03h4vejo.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\03h4vejo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Media\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Media\Quicktime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Media\VLC\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\03h4vejo.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\03h4vejo.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Broken Sword 2.5_is1 - h:\spiele\Broken Sword 2.5\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-04 14:39
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2bf7a1af-55a1-4aab-8d0d-ef52d910f739}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:13001e3d
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{30e23b6c-4e47-4a15-8f3e-87e28ba2ee4f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1c000000
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{37d47763-3b90-4de2-8877-1b2e595a7c0d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001bfb
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5d0132f3-4a8b-4681-a447-f2b6a2756856}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001bfb
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5d975e27-fb06-44d7-aabb-fb7904f7fe10}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{65938753-0a95-49ee-a059-c49a96427f46}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100013e8
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9eac5aae-e66e-459a-9eeb-ac7605986802}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a80
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c01b0445-c385-4457-a482-34049e84d889}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e00059a
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-04  14:41:54
ComboFix-quarantined-files.txt  2010-08-04 12:41

Vor Suchlauf: 15 Verzeichnis(se), 22.891.397.120 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 22.831.968.256 Bytes frei

- - End Of File - - 46E44A66255F1A40B736B58C320DB013
--- --- ---

Larusso 04.08.2010 14:12
Well done.
Noch immer Musik ?

Starte bitte mbrcheck.exe und poste mir die Logfile

MrBurns 04.08.2010 14:16
Noch ist die Musik nicht zurückgekehrt!
MBRCheck sieht auch gut aus:

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-FZ31L
Logical Drives Mask: 0x00000074

Kernel Drivers (total 169):
0x8284A000 \SystemRoot\system32\ntkrnlpa.exe
0x82817000 \SystemRoot\system32\hal.dll
0x80600000 \SystemRoot\system32\kdcom.dll
0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80677000 \SystemRoot\system32\PSHED.dll
0x80688000 \SystemRoot\system32\BOOTVID.dll
0x80690000 \SystemRoot\system32\CLFS.SYS
0x806D1000 \SystemRoot\system32\CI.dll
0x82E04000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E80000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E8D000 \SystemRoot\system32\drivers\acpi.sys
0x82ED3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82EDC000 \SystemRoot\system32\drivers\msisadrv.sys
0x82EE4000 \SystemRoot\system32\drivers\pci.sys
0x82F0B000 \SystemRoot\System32\drivers\partmgr.sys
0x82F1A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F1D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F27000 \SystemRoot\system32\drivers\volmgr.sys
0x82F36000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F80000 \SystemRoot\system32\drivers\intelide.sys
0x82F87000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82F95000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82FC2000 \SystemRoot\System32\drivers\mountmgr.sys
0x88606000 \SystemRoot\system32\drivers\iastorv.sys
0x886A6000 \SystemRoot\system32\drivers\iastor.sys
0x88764000 \SystemRoot\system32\drivers\atapi.sys
0x8876C000 \SystemRoot\system32\drivers\ataport.SYS
0x8878A000 \SystemRoot\system32\drivers\fltmgr.sys
0x887BC000 \SystemRoot\system32\drivers\fileinfo.sys
0x887CC000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8880B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8887C000 \SystemRoot\system32\drivers\ndis.sys
0x88987000 \SystemRoot\system32\drivers\msrpc.sys
0x889B2000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A07000 \SystemRoot\System32\drivers\tcpip.sys
0x88AF1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D10000 \SystemRoot\system32\drivers\volsnap.sys
0x88D49000 \SystemRoot\System32\Drivers\spldr.sys
0x88D51000 \SystemRoot\System32\Drivers\mup.sys
0x88D60000 \SystemRoot\System32\drivers\ecache.sys
0x88D87000 \SystemRoot\system32\drivers\disk.sys
0x88D98000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88DB9000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DDA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88DE3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88DF2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C606000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CCD0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD71000 \SystemRoot\System32\drivers\watchdog.sys
0x8CD7D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CD88000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDC6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D436000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D475000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D485000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D493000 \SystemRoot\system32\drivers\ti21sony.sys
0x8D55F000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8D562000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D575000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D580000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8D5A9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D5B4000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x8D5B6000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x8D5CD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D5E5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8D095000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8D5EB000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8D0B3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D0E2000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D5F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D123000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D13A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D15D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D16C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D180000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D195000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D20B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D1A5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D1CF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D1D9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88BCA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D1E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EE07000 \SystemRoot\system32\drivers\stwrt.sys
0x8EE5C000 \SystemRoot\system32\drivers\portcls.sys
0x8EE89000 \SystemRoot\system32\drivers\drmk.sys
0x8EEAE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8EEEB000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F008000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F0BC000 \SystemRoot\system32\drivers\modem.sys
0x8F0C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F0D2000 \SystemRoot\System32\Drivers\Null.SYS
0x8F0D9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F0E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F0F0000 \SystemRoot\System32\drivers\vga.sys
0x8F0FC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F11D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F125000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F12D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F138000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F146000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F14F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F165000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F17C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F17E000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
0x8F191000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F1B2000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
0x8F1BD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F1C6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F1D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F1DE000 \SystemRoot\system32\DRIVERS\smb.sys
0x807B1000 \SystemRoot\system32\drivers\afd.sys
0x8FA09000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FA3B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FA51000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FA5F000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8FA65000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FA78000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FA7E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FABA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FAC4000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8FAC9000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x8FACA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FAE1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FB03000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FB10000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x97AA0000 \SystemRoot\System32\win32k.sys
0x8FBCE000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FBD8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97CC0000 \SystemRoot\System32\TSDDD.dll
0x97CE0000 \SystemRoot\System32\cdd.dll
0x8CDD5000 \SystemRoot\system32\drivers\luafv.sys
0x8FBE7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x88B0C000 \SystemRoot\system32\drivers\spsys.sys
0x8EFEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x887D5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F1F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x88DC2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9F40C000 \SystemRoot\system32\drivers\HTTP.sys
0x9F479000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F496000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9F4AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9F4C4000 \SystemRoot\system32\drivers\mrxdav.sys
0x9F4E5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F504000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F53D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F555000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F57C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA060A000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA069A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA069E000 \SystemRoot\system32\drivers\peauth.sys
0xA077C000 \SystemRoot\system32\drivers\regi.sys
0xA077E000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0788000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0794000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA079C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA07B1000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA07C3000 \SystemRoot\system32\drivers\tdtcp.sys
0xA07CE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9F5CA000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA07DA000 \??\C:\Users\***\AppData\Local\Temp\catchme.sys
0xA07E2000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x8D20D000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0xA07E4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA07FA000 \??\C:\Users\***\AppData\Local\Temp\mbr.sys
0xA0600000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x77B90000 \Windows\System32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
560 csrss.exe
612 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\winlogon.exe
1208 C:\Windows\System32\audiodg.exe
1280 C:\Windows\System32\SLsvc.exe
1332 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\spoolsv.exe
1760 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1780 C:\Windows\System32\svchost.exe
1964 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2000 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2024 C:\Program Files\Bonjour\mDNSResponder.exe
2040 C:\Windows\System32\svchost.exe
284 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
392 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
528 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
564 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\stacsv.exe
2164 C:\Windows\System32\svchost.exe
2208 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2244 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2288 C:\Windows\System32\svchost.exe
2324 C:\Windows\System32\SearchIndexer.exe
2412 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2512 C:\Windows\System32\taskeng.exe
2592 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
2636 C:\Windows\System32\dwm.exe
2688 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
3116 WUDFHost.exe
3832 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
3840 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
3876 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
924 C:\Windows\System32\conime.exe
1668 C:\Windows\System32\notepad.exe
3380 C:\Windows\explorer.exe
1800 C:\Program Files\AutoHotkey\AutoHotkey.exe
2300 C:\Windows\System32\wbem\unsecapp.exe
2252 WmiPrvSE.exe
2676 C:\Program Files\Mozilla Firefox\firefox.exe
1352 C:\Windows\System32\mobsync.exe
1488 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
2576 C:\Program Files\Mozilla Firefox\plugin-container.exe
2492 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a2a00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2200BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
Haben wir gewonnen? :-)

Larusso 04.08.2010 14:37
Schritt 1

Update bitte Malwarebytes und lass einen QuickScan laufen


Schritt 2

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.

    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.

  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 3

Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.


Schritt 4

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

MrBurns 05.08.2010 09:39
Ok, hier sind die Logs:

Malwarebytes:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4388

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.08.2010 15:45:48
mbam-log-2010-08-04 (15-45-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141521
Laufzeit: 7 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
ESET:

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0fe6b22b45166a4c99b7151ce6a9e763
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-05 08:21:55
# local_time=2010-08-05 10:21:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 152924 152924 0 0
# compatibility_mode=1797 16775166 100 94 63831 40084307 129496 0
# compatibility_mode=5892 16776637 100 100 162714 118520342 0 0
# compatibility_mode=8192 67108863 100 0 123 123 0 0
# scanned=201708
# found=5
# cleaned=5
# scan_time=8901
C:\Users\***\Desktop\Stickinhalt\autorun.inf Win32/Peerfrag.DE worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\***\Downloads\bmxpro.exe Win32/Adware.WildTangent application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\***\Downloads\SlySoft_CloneDVD_2.9.0.9___Crack.rar probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\***\Downloads\snowboard.exe Win32/Adware.WildTangent application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Sicherung\Stickinhalt\autorun.inf Win32/Peerfrag.DE worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Security Check:

Zitat:
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.4 - Deutsch
Out of date Adobe Reader installed!
Mozilla Thunderbird (3.0.4) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
Und zu guter Letzt noch OTL:

OTL Logfile:
Code:
OTL logfile created on: 05.08.2010 10:27:15 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 175,77 Gb Total Space | 20,93 Gb Free Space | 11,91% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 25,82 Gb Free Space | 8,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: QUENTIN
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.02 18:49:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
PRC - [2010.07.30 20:54:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.27 02:17:00 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.10.11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007.10.10 17:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.09.19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2007.08.28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007.08.28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.08.14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.06.28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.06.10 02:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2007.06.10 02:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2007.06.10 02:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2007.05.31 10:32:14 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.02 18:49:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.07.31 13:01:36 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.08.12 22:54:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 14:39:23 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007.10.27 02:17:00 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.09.28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.09.20 19:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007.08.28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.06.28 09:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 16:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 16:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.12.29 15:08:28 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.04 12:23:57 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.07.21 14:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.07.12 18:36:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.15 19:04:42 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\semcreserved.sys -- (SEMCReserved)
DRV - [2008.02.06 16:16:32 | 000,337,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembwwan.sys -- (sembwwan) Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM)
DRV - [2008.02.06 16:16:10 | 000,344,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembunic.sys -- (sembunic) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM)
DRV - [2008.02.06 16:16:02 | 000,024,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembnd5.sys -- (sembnd5) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS)
DRV - [2008.02.06 16:15:56 | 000,343,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmgmt.sys -- (sembmgmt) Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM)
DRV - [2008.02.06 16:15:48 | 000,380,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmdm2.sys -- (sembmdm2)
DRV - [2008.02.06 16:15:34 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmdfl2.sys -- (sembmdfl2)
DRV - [2008.02.06 16:14:52 | 000,337,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembcard.sys -- (sembcard) Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM)
DRV - [2008.02.06 16:14:44 | 000,260,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembbus.sys -- (sembbus) SEMC WMC Composite Device driver (WDM)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.19 07:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008.01.19 07:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008.01.19 07:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.10.30 02:33:23 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.30 02:00:32 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.10.30 02:00:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.10.27 02:17:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.10.10 02:03:56 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.10.10 02:03:54 | 000,099,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.10.10 02:03:54 | 000,081,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007.10.10 02:03:13 | 000,028,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007.10.05 02:02:21 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.05 02:02:18 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.10.05 02:02:17 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.05 02:02:17 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.10.05 02:02:08 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.09.19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.09.19 05:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.29 03:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.08.14 10:15:18 | 000,012,672 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sesc.sys -- (Sony_EricssonWWSC)
DRV - [2007.06.10 02:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007.02.13 20:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.03.11 16:17:46 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.03.11 16:17:44 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.03.11 16:17:40 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.03.11 16:17:38 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.03.11 16:17:34 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.30 20:55:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.30 20:55:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.28 08:55:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.27 08:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.27 08:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.04 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions
[2010.04.11 22:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009.10.15 18:25:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.01.21 22:02:27 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.02.05 10:21:30 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2009.12.07 21:50:15 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2008.05.13 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010.07.28 17:10:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.18 12:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008.10.24 15:59:20 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009.07.04 14:46:58 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.04.16 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\firegestures@xuldev.org
[2009.05.29 19:27:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\moveplayer@movenetworks.com
[2010.02.13 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\03h4vejo.default\extensions\optout@google.com
[2009.09.26 18:48:40 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\03h4vejo.default\searchplugins\forestle-de.xml
[2008.06.28 11:19:09 | 000,000,908 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\03h4vejo.default\searchplugins\imdb.xml
[2010.08.04 12:32:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.09 14:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2008.01.23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008.06.30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.07.30 20:54:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.30 20:54:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.30 20:54:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.30 20:54:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.30 20:54:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 14:39:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk = C:\Programme\ac'tivAid\ac'tivAid.ahk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///F:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///F:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aa.swh.mhn.de
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\Desktop Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.05 07:51:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.04 14:42:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.04 14:41:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.04 14:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2010.08.04 14:18:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.04 14:18:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.04 14:18:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.04 14:16:38 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.08.04 14:05:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.04 14:05:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.03 13:24:46 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.03 13:24:46 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.03 13:03:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.03 13:03:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.03 12:48:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojanerlogs
[2010.08.02 19:16:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.02 18:50:56 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.08.02 18:49:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.08.02 18:16:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbr
[2010.08.01 13:12:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.01 13:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.01 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.01 13:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.01 13:03:58 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.08.01 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\remover
[2010.07.31 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.07.31 11:10:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.07.31 11:10:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.07.31 11:10:27 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.07.31 11:10:27 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.07.31 11:10:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.31 11:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.07.31 07:43:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.05 10:26:54 | 004,980,736 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.08.05 10:24:18 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.05 10:06:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.05 09:43:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 09:43:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 07:54:05 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.05 07:54:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.05 07:54:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.05 07:54:05 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.05 07:54:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.05 07:51:08 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.05 07:45:48 | 000,308,516 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.08.05 07:45:04 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D7D98F91-450C-49D3-BB4B-0438F4214718}.job
[2010.08.05 07:44:44 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.08.05 07:44:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 07:43:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 07:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 07:43:42 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.04 15:46:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.04 15:46:25 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.04 15:46:25 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.04 15:46:18 | 002,072,527 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.04 14:39:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.04 14:39:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.04 14:04:25 | 000,036,833 | ---- | M] () -- C:\Users\***\Desktop\bootkit_remover.rar
[2010.08.04 14:02:21 | 003,749,693 | R--- | M] () -- C:\Users\***\Desktop\Combo-Fix.exe
[2010.08.04 12:18:16 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBRCheck_MBR_Backup_08-04-10_12-18-16.bak
[2010.08.04 12:12:13 | 000,308,516 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.08.03 23:06:07 | 000,080,384 | ---- | M] () -- C:\Users\***\Desktop\MBRCheck.exe
[2010.08.03 13:15:26 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.03 13:03:27 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.02 18:49:21 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.02 18:48:19 | 000,410,626 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.07.31 21:13:28 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.31 11:41:41 | 000,002,032 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.07.31 11:10:33 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.31 08:44:20 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 18:18:25 | 000,093,696 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.27 13:45:18 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Windows\System32\remover.exe
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.05 10:24:17 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.05 07:51:07 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.04 14:18:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.04 14:18:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.04 14:18:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.04 14:18:39 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.04 14:18:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.04 14:04:24 | 000,036,833 | ---- | C] () -- C:\Users\***\Desktop\bootkit_remover.rar
[2010.08.04 14:02:20 | 003,749,693 | R--- | C] () -- C:\Users\***\Desktop\Combo-Fix.exe
[2010.08.04 12:18:16 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBRCheck_MBR_Backup_08-04-10_12-18-16.bak
[2010.08.03 13:15:26 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.03 13:03:27 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.02 19:27:34 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.08.02 18:49:21 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.02 18:48:19 | 000,410,626 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.08.02 18:46:17 | 000,080,384 | ---- | C] () -- C:\Users\***\Desktop\MBRCheck.exe
[2010.07.31 11:52:22 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.31 11:10:33 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.31 08:48:42 | 000,002,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.07.31 08:48:42 | 000,001,754 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
[2010.04.12 19:20:00 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.04.12 19:20:00 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.04.12 19:18:24 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.04.12 19:18:22 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.04.12 19:15:39 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.04.09 11:33:21 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.09 11:33:21 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.22 16:03:05 | 001,658,973 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.11.09 14:55:06 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009.10.10 16:39:20 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2009.09.17 08:07:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.08 23:24:16 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\semcreserved.sys
[2008.12.29 15:08:28 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.10.09 21:20:22 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.10.09 21:20:22 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.10.09 21:20:22 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.04.17 10:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.03.10 17:17:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.02.02 19:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.02.02 18:49:59 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008.02.02 18:49:04 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007.08.28 19:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >
--- --- ---

Larusso 05.08.2010 10:11
Code:
C:\Users\***\Downloads\SlySoft_CloneDVD_2.9.0.9___Crack.rar
Dateien, die crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.
Ausserdem sind diese illegal und somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten



Dieses Thema scheint erledigt und wird aus den Abos gelöscht.

Jeder andere möge bitte einen eigenen Thread starten.

MrBurns 05.08.2010 10:21
Ok verstanden, danke für die Hilfe!
Hat der Scanner die Datei unschädlich gemacht, oder ist das Neuaufsetzen trotzdem nötig?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131