"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"

LuckySony · 10.01.2012, 20:55

Hallo miteinander,

leider bin ich - wie, wahrscheinlich viele hier - ziemlich unerfahren was Viren angeht.

Ich habe vor ca. einer Woche das erste Mal die Meldung bekommen "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" und weiter unten ist ein Button auf dem steht: Bezahlen und runterladen.

Das Bild erscheint ca. 20 min nachdem ich meinen Computer hochfahre und eine Verbindung mit dem Internet herstelle.

Dieses Otl habe ich zwar runtergeladen, aber weiß nicht so recht, was ich da jetzt genau hier rein kopieren muss.
Bitte um Rat und Hilfe.

Danke schon mal im voraus.

Lg Sony

cosinus · 11.01.2012, 19:04

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

LuckySony · 12.01.2012, 19:54

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Vivian :: VIVIAN-VAIO [Administrator]

11.01.2012 21:12:59
mbam-log-2012-01-11 (21-12-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188959
Laufzeit: 2 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Vivian\AppData\Local\Temp\ICReinstall\MovConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Vivian :: VIVIAN-VAIO [Administrator]

11.01.2012 21:58:25
mbam-log-2012-01-11 (21-58-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188921
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Vivian :: VIVIAN-VAIO [Administrator]

12.01.2012 16:17:06
mbam-log-2012-01-12 (16-17-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188953
Laufzeit: 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=977200808b070e4baf9da4b3b0dc2158
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-11 11:29:55
# local_time=2012-01-12 12:29:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5121 16776573 100 82 178896 78685980 0 0
# compatibility_mode=5893 16776574 66 85 59379858 77949882 0 0
# compatibility_mode=8192 67108863 100 0 5276 5276 0 0
# scanned=196394
# found=9
# cleaned=0
# scan_time=4562
C:\Users\Vivian\AppData\Local\Temp\jar_cache5831071218264847875.tmp	Java/Exploit.CVE-2011-3544.U trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\Local\Temp\jar_cache6749330812500825252.tmp	Java/Exploit.CVE-2010-0840.AG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\Local\Temp\is1972027439\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-48953afe	a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-160890db	Java/Exploit.CVE-2010-4452.A trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\23669837-662ae6be	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\66be8c7c-58540273	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-45d85659	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-72060844	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=977200808b070e4baf9da4b3b0dc2158
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-12 06:20:28
# local_time=2012-01-12 07:20:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5121 16776573 100 82 246615 78753699 0 0
# compatibility_mode=5893 16776574 66 85 59447577 78017601 0 0
# compatibility_mode=8192 67108863 100 0 72995 72995 0 0
# scanned=197083
# found=9
# cleaned=0
# scan_time=4678
C:\Users\Vivian\AppData\Local\Temp\jar_cache5831071218264847875.tmp	Java/Exploit.CVE-2011-3544.U trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\Local\Temp\jar_cache6749330812500825252.tmp	Java/Exploit.CVE-2010-0840.AG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\Local\Temp\is1972027439\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-48953afe	a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-160890db	Java/Exploit.CVE-2010-4452.A trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\23669837-662ae6be	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\66be8c7c-58540273	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-45d85659	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Vivian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-72060844	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I

Danke für die schnelle Antwort!!

Mein Laptop wurde allerdings am Sonntag, auf den Stand von Dezember, zurückgesetzt. Seitdem habe ich die Meldung zwar nicht mehr bekommen, aber der Trojaner müsste trotzdem noch da sein oder?
Beim ersten Scan von Malware wurde ja auch etwas gefunden, könnte das der Trojaner sein?
Der Laptop arbeitet auch von Tag zu Tag langsamer..

LG Sony

cosinus · 12.01.2012, 20:23

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

LuckySony · 13.01.2012, 10:28

Ups, hatte ich falsch verstanden, sorry!
Hier der Vollscan:

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Vivian :: VIVIAN-VAIO [Administrator]

13.01.2012 09:19:58
mbam-log-2012-01-13 (09-19-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370551
Laufzeit: 1 Stunde(n), 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 13.01.2012, 14:51

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

LuckySony · 14.01.2012, 03:22

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.01.2012 02:48:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vivian\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 61,08% Memory free
7,71 Gb Paging File | 5,77 Gb Available in Paging File | 74,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,14 Gb Total Space | 380,43 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive H: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 7,45 Gb Total Space | 1,11 Gb Free Space | 14,93% Space Free | Partition Type: FAT32
 
Computer Name: VIVIAN-VAIO | User Name: Vivian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 02:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vivian\Downloads\OTL.exe
PRC - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.06.10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010.06.10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2010.02.23 09:15:43 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010.01.08 15:59:24 | 000,540,672 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\Mobile Partner.exe
PRC - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009.10.15 16:34:34 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009.10.15 14:17:10 | 000,072,192 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Media Gallery\ElbServer.exe
PRC - [2009.10.02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.09.04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.07.08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009.07.07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.12 03:26:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 15:17:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll
MOD - [2011.10.15 15:16:56 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.15 15:16:47 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.15 15:16:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.15 15:16:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.15 15:16:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.15 15:16:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.15 15:16:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.11.17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.03.04 11:27:44 | 000,139,264 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2010.03.04 11:27:08 | 000,163,840 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\SMSPlugin.dll
MOD - [2010.03.04 11:26:24 | 000,032,768 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NotifyServicePlugin.dll
MOD - [2010.03.04 11:24:40 | 000,057,344 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\ConfigFilePlugin.dll
MOD - [2010.03.04 11:23:36 | 000,114,688 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2010.03.04 11:21:30 | 000,147,456 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NetInfoPlugin.dll
MOD - [2010.03.04 11:19:18 | 000,090,112 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DialUpPlugin.dll
MOD - [2010.03.04 11:18:20 | 000,245,760 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2010.03.04 11:00:52 | 000,991,232 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\NDISAPI.dll
MOD - [2010.02.23 17:48:42 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.01.15 14:53:34 | 000,598,016 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\atcomm.dll
MOD - [2010.01.15 14:53:34 | 000,167,936 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DetectDev.dll
MOD - [2010.01.15 14:53:34 | 000,090,112 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\FileManager.dll
MOD - [2010.01.15 14:53:34 | 000,061,440 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\XCodec.dll
MOD - [2010.01.15 14:53:34 | 000,061,440 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\DeviceOperate.dll
MOD - [2010.01.15 14:53:34 | 000,014,848 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\isaputrace.dll
MOD - [2010.01.08 15:59:24 | 000,540,672 | ---- | M] () -- C:\Users\Vivian\Mobile Partner\Mobile Partner.exe
MOD - [2009.06.09 19:52:36 | 000,495,616 | ---- | M] () -- C:\Programme\Sony\VAIO Personalization Manager\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011.01.29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010.01.27 21:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.11.25 19:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.08.10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.06.10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.24 12:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.02.17 15:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010.02.17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.10.02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.07.08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.07.15 14:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010.02.17 15:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.02.17 15:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.02.17 15:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010.02.17 15:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010.01.27 21:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 05:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.09 03:47:00 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2536373&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e36df325-3f4b-476f-8f89-123bc5d51a30}:3.4.1.0
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Vivian\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.01.09 22:44:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Users\Vivian\Mozilla Firefox\components [2012.01.09 22:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Users\Vivian\Mozilla Firefox\plugins [2012.01.09 22:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Users\Vivian\Mozilla Firefox\components [2012.01.09 22:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Users\Vivian\Mozilla Firefox\plugins [2012.01.09 22:32:25 | 000,000,000 | ---D | M]
 
[2010.07.21 22:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Extensions
[2012.01.14 00:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions
[2010.08.21 12:37:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.23 09:48:03 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2011.05.18 15:31:32 | 000,000,919 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml
[2012.01.09 22:44:52 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.07.21 21:20:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2010.08.13 21:38:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O4 - HKCU..\Run: [ICQ] C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\Vivian\Icq7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 01:26:10 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun
O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun
O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.11 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.11 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Malwarebytes
[2012.01.11 21:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.11 21:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.11 21:01:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.11 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Vivian\NeuerOrdner
[2012.01.09 22:20:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.27 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{E44FF127-FF31-4BD7-8479-F49D8016ABD8}
[2011.12.27 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{90BA516A-AFCB-4B68-93D1-3D22B73BC140}
[2011.12.27 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5256D5D7-DD21-4227-BA78-5E4154F06A80}
[2011.12.27 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{C2196297-FB56-4AE6-B9CB-AD590C703EA7}
[2011.12.27 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{AED2575D-5889-4CCD-BD99-64763FB89A38}
[2011.12.27 14:24:54 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{666B9409-8FC0-49F9-902E-60DA42240239}
[2011.12.24 15:50:17 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{4A9D194F-221D-4655-9F52-4A83EE5A2517}
[2011.12.24 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{3AD3B5F4-4BC2-44F8-AEAE-81E720EACC7A}
[2011.12.24 00:53:04 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{F7890E45-80C8-43CD-A657-446A3E2F1778}
[2011.12.24 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{DEB0A233-37DD-4C96-A14B-5EFF509E705A}
[2011.12.24 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5EDBA4D8-C8F3-4826-82A3-41021EB76493}
[2011.12.24 00:39:47 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{3E9BFDD6-91F7-40DB-BB05-A5A7E3338FE0}
[2011.12.24 00:39:30 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5053AF3F-5B39-47DA-99F9-0002C9487BDD}
[2011.12.23 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{78240971-4C5C-45BA-BAFE-AA17B759EFBE}
[2011.12.23 17:37:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{288FD5DE-4C52-4124-806E-D2C9502A8A0D}
[2011.12.17 16:10:11 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{5E085598-2983-4E65-93DF-2CE5AE4FC5E6}
[2011.12.17 16:09:52 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\{9F199859-65EC-4180-B28A-01435B8B23C1}
[2011.12.17 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Vivian\wecker
[6 C:\Users\Vivian\*.tmp files -> C:\Users\Vivian\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.14 01:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.14 00:45:36 | 000,024,096 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.01.13 23:25:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.13 23:25:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.13 23:25:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.13 23:25:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.13 23:25:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.13 19:57:13 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 19:57:13 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 19:56:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 19:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 19:45:16 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 21:01:51 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 12:46:53 | 000,368,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.07 08:58:57 | 000,016,896 | ---- | M] () -- C:\Users\Vivian\trojaner forum.wps
[2012.01.07 08:58:57 | 000,001,146 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\wklnhst.dat
[2012.01.06 09:16:43 | 000,000,000 | ---- | M] () -- C:\Users\Vivian\defogger_reenable
[2011.12.24 16:23:11 | 000,049,074 | ---- | M] () -- C:\Users\Vivian\Geschenk.wlmp
[2011.12.23 13:33:58 | 000,016,384 | ---- | M] () -- C:\Users\Vivian\geschenk2.wps
[2011.12.18 13:06:32 | 000,016,384 | ---- | M] () -- C:\Users\Vivian\erinnrung.wps
[6 C:\Users\Vivian\*.tmp files -> C:\Users\Vivian\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.11 21:01:51 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.07 08:52:21 | 000,016,896 | ---- | C] () -- C:\Users\Vivian\trojaner forum.wps
[2012.01.06 09:16:43 | 000,000,000 | ---- | C] () -- C:\Users\Vivian\defogger_reenable
[2011.12.23 13:33:58 | 000,016,384 | ---- | C] () -- C:\Users\Vivian\geschenk2.wps
[2011.12.18 13:06:32 | 000,016,384 | ---- | C] () -- C:\Users\Vivian\erinnrung.wps
[2011.02.12 19:56:38 | 000,001,146 | ---- | C] () -- C:\Users\Vivian\AppData\Roaming\wklnhst.dat
[2010.08.13 21:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.21 23:23:29 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2010.02.23 09:03:32 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2010.01.29 23:21:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.29 21:36:40 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.01.29 21:36:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.01.29 21:36:40 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.01.29 21:36:40 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.01.29 21:36:39 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.01.29 21:36:34 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.01.29 21:36:34 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.12.14 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoft
[2011.04.25 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.12 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\gtk-2.0
[2011.02.12 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Template
[2011.08.25 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Windows Live Writer
[2011.06.15 00:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.05.01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.09.03 23:25:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.21 20:46:34 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Adobe
[2011.02.26 15:17:52 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Apple Computer
[2010.07.24 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\ArcSoft
[2010.07.21 20:35:15 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\ATI
[2011.12.14 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoft
[2011.04.25 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.21 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Google
[2011.08.12 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\gtk-2.0
[2010.07.21 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Identities
[2011.02.17 00:15:40 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\InstallShield
[2010.07.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Intel Corporation
[2010.07.21 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Macromedia
[2012.01.11 21:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Malwarebytes
[2010.01.30 01:45:13 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Media Center Programs
[2012.01.09 22:28:02 | 000,000,000 | --SD | M] -- C:\Users\Vivian\AppData\Roaming\Microsoft
[2010.07.21 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Mozilla
[2011.02.18 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Roxio
[2012.01.09 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Skype
[2011.12.23 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\skypePM
[2010.09.15 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Sony Corporation
[2011.02.12 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Template
[2011.08.25 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Vivian\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.06.19 12:40:40 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vivian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Users\Vivian\NeuerOrdner\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

Erledigt!

cosinus · 14.01.2012, 14:19

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.search.yahoo.com/firefox/?fr=ffbr-sfp"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2536373&SearchSource=13"
[2010.08.21 12:37:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.23 09:48:03 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2011.05.18 15:31:32 | 000,000,919 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml
[2010.07.21 21:20:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 01:26:10 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun
O33 - MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell - "" = AutoRun
O33 - MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell - "" = AutoRun
O33 - MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

LuckySony · 15.01.2012, 17:15

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
C:\Program Files (x86)\ClipGrab\prxtbCli0.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Prefs.js: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp" removed from browser.startup.homepage
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2536373&SearchSource=13" removed from browser.startup.homepage
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\searchplugin folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\modules folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\META-INF folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\defaults folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\components folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\chrome folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30} folder moved successfully.
C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\searchplugins\conduit.xml moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\META-INF folder moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\defaults\preferences folder moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\defaults folder moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\components folder moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}\chrome folder moved successfully.
C:\USERS\VIVIAN\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E36DF325-3F4B-476F-8F89-123BC5D51A30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E36DF325-3F4B-476F-8F89-123BC5D51A30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03bd265c-16ef-11e1-88e2-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243dae4b-095d-11e1-8c64-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a350baa-d2d3-11df-8544-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a86308-94fd-11df-901e-506313b20245}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a86308-94fd-11df-901e-506313b20245}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a86308-94fd-11df-901e-506313b20245}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a8630e-94fd-11df-901e-506313b20245}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73a8630e-94fd-11df-901e-506313b20245}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73a8630e-94fd-11df-901e-506313b20245}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04ee-c0d2-11df-b267-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ba04fb-c0d2-11df-b267-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abe4217c-0980-11e1-be6d-5442490fae68}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vivian
->Temp folder emptied: 760245590 bytes
->Temporary Internet Files folder emptied: 273491393 bytes
->Java cache emptied: 12846006 bytes
->FireFox cache emptied: 105061335 bytes
->Flash cache emptied: 3202868 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267803205 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 495434 bytes
RecycleBin emptied: 21666103 bytes
 
Total Files Cleaned = 1.378,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01152012_165810

Files\Folders moved on Reboot...
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.
C:\Users\Vivian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_12dJvGXFII2qSHQ not found!
File\Folder C:\Windows\temp\mcmsc_tpBR0IgRl4ub4hu not found!
File\Folder C:\Windows\temp\sqlite_J9psS2gop3EGW3B not found!
File\Folder C:\Windows\temp\sqlite_LKRVqYojEYgVunQ not found!
File\Folder C:\Windows\temp\sqlite_o13oiaYEC16GkZx not found!

Registry entries deleted on Reboot...

cosinus · 15.01.2012, 18:36

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

LuckySony · 15.01.2012, 21:59

Code:

ATTFilter

 21:43:06.0348 7980	TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
21:43:08.0349 7980	============================================================
21:43:08.0349 7980	Current date / time: 2012/01/15 21:43:08.0349
21:43:08.0349 7980	SystemInfo:
21:43:08.0349 7980	
21:43:08.0349 7980	OS Version: 6.1.7600 ServicePack: 0.0
21:43:08.0349 7980	Product type: Workstation
21:43:08.0350 7980	ComputerName: VIVIAN-VAIO
21:43:08.0350 7980	UserName: Vivian
21:43:08.0350 7980	Windows directory: C:\Windows
21:43:08.0350 7980	System windows directory: C:\Windows
21:43:08.0350 7980	Running under WOW64
21:43:08.0350 7980	Processor architecture: Intel x64
21:43:08.0350 7980	Number of processors: 4
21:43:08.0350 7980	Page size: 0x1000
21:43:08.0350 7980	Boot type: Normal boot
21:43:08.0350 7980	============================================================
21:43:08.0875 7980	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
21:43:08.0933 7980	Initialize success
21:46:14.0172 7808	============================================================
21:46:14.0172 7808	Scan started
21:46:14.0172 7808	Mode: Manual; SigCheck; TDLFS; 
21:46:14.0172 7808	============================================================
21:46:14.0832 7808	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
21:46:14.0969 7808	1394ohci - ok
21:46:15.0077 7808	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
21:46:15.0111 7808	ACPI - ok
21:46:15.0179 7808	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
21:46:15.0237 7808	AcpiPmi - ok
21:46:15.0327 7808	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:46:15.0371 7808	adp94xx - ok
21:46:15.0434 7808	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:46:15.0462 7808	adpahci - ok
21:46:15.0546 7808	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:46:15.0581 7808	adpu320 - ok
21:46:15.0670 7808	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:46:15.0728 7808	AFD - ok
21:46:15.0800 7808	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:46:15.0816 7808	agp440 - ok
21:46:15.0910 7808	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:46:15.0939 7808	aliide - ok
21:46:16.0027 7808	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:46:16.0052 7808	amdide - ok
21:46:16.0132 7808	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:46:16.0204 7808	AmdK8 - ok
21:46:16.0283 7808	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:46:16.0339 7808	AmdPPM - ok
21:46:16.0457 7808	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:46:16.0487 7808	amdsata - ok
21:46:16.0544 7808	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:46:16.0564 7808	amdsbs - ok
21:46:16.0603 7808	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:46:16.0617 7808	amdxata - ok
21:46:16.0740 7808	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:46:16.0791 7808	AppID - ok
21:46:16.0919 7808	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:46:16.0946 7808	arc - ok
21:46:17.0044 7808	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:46:17.0069 7808	arcsas - ok
21:46:17.0142 7808	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:46:17.0179 7808	ArcSoftKsUFilter - ok
21:46:17.0325 7808	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:17.0422 7808	AsyncMac - ok
21:46:17.0516 7808	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:46:17.0534 7808	atapi - ok
21:46:17.0653 7808	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:46:17.0747 7808	athr - ok
21:46:17.0985 7808	atikmdag        (f3a362b683b6158cc47d7e8e58b7ddc9) C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:18.0210 7808	atikmdag - ok
21:46:18.0356 7808	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:46:18.0421 7808	b06bdrv - ok
21:46:18.0530 7808	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:18.0581 7808	b57nd60a - ok
21:46:18.0706 7808	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:46:18.0777 7808	Beep - ok
21:46:18.0863 7808	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:46:18.0921 7808	blbdrive - ok
21:46:19.0045 7808	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:46:19.0088 7808	bowser - ok
21:46:19.0172 7808	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:46:19.0224 7808	BrFiltLo - ok
21:46:19.0285 7808	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:46:19.0321 7808	BrFiltUp - ok
21:46:19.0381 7808	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:46:19.0434 7808	Brserid - ok
21:46:19.0498 7808	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:46:19.0564 7808	BrSerWdm - ok
21:46:19.0634 7808	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:46:19.0685 7808	BrUsbMdm - ok
21:46:19.0775 7808	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:46:19.0793 7808	BrUsbSer - ok
21:46:19.0867 7808	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:46:19.0927 7808	BthEnum - ok
21:46:20.0005 7808	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:46:20.0066 7808	BTHMODEM - ok
21:46:20.0143 7808	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:46:20.0196 7808	BthPan - ok
21:46:20.0347 7808	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
21:46:20.0413 7808	BTHPORT - ok
21:46:20.0529 7808	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
21:46:20.0578 7808	BTHUSB - ok
21:46:20.0653 7808	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
21:46:20.0665 7808	btusbflt - ok
21:46:20.0741 7808	btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
21:46:20.0753 7808	btwaudio - ok
21:46:20.0862 7808	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
21:46:20.0874 7808	btwavdt - ok
21:46:20.0991 7808	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:46:21.0008 7808	btwl2cap - ok
21:46:21.0083 7808	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
21:46:21.0105 7808	btwrchid - ok
21:46:21.0172 7808	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:46:21.0262 7808	cdfs - ok
21:46:21.0347 7808	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:46:21.0403 7808	cdrom - ok
21:46:21.0512 7808	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:46:21.0578 7808	circlass - ok
21:46:21.0641 7808	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:46:21.0664 7808	CLFS - ok
21:46:21.0778 7808	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:46:21.0810 7808	CmBatt - ok
21:46:21.0837 7808	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:46:21.0851 7808	cmdide - ok
21:46:21.0899 7808	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:46:21.0957 7808	CNG - ok
21:46:22.0102 7808	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:46:22.0125 7808	Compbatt - ok
21:46:22.0192 7808	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
21:46:22.0253 7808	CompositeBus - ok
21:46:22.0386 7808	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:46:22.0413 7808	crcdisk - ok
21:46:22.0503 7808	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:46:22.0549 7808	DfsC - ok
21:46:22.0622 7808	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:46:22.0708 7808	discache - ok
21:46:22.0813 7808	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:46:22.0828 7808	Disk - ok
21:46:22.0904 7808	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:46:22.0962 7808	drmkaud - ok
21:46:23.0044 7808	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:46:23.0080 7808	DXGKrnl - ok
21:46:23.0216 7808	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:46:23.0356 7808	ebdrv - ok
21:46:23.0469 7808	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:46:23.0508 7808	elxstor - ok
21:46:23.0563 7808	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:46:23.0607 7808	ErrDev - ok
21:46:23.0719 7808	ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
21:46:23.0771 7808	ewusbnet - ok
21:46:23.0832 7808	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:46:23.0902 7808	exfat - ok
21:46:23.0957 7808	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:46:24.0050 7808	fastfat - ok
21:46:24.0121 7808	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:46:24.0173 7808	fdc - ok
21:46:24.0236 7808	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:46:24.0259 7808	FileInfo - ok
21:46:24.0333 7808	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:46:24.0419 7808	Filetrace - ok
21:46:24.0470 7808	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:46:24.0546 7808	flpydisk - ok
21:46:24.0655 7808	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:46:24.0677 7808	FltMgr - ok
21:46:24.0725 7808	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:46:24.0740 7808	FsDepends - ok
21:46:24.0880 7808	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:46:24.0893 7808	fssfltr - ok
21:46:24.0956 7808	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:46:24.0983 7808	Fs_Rec - ok
21:46:25.0064 7808	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:46:25.0094 7808	fvevol - ok
21:46:25.0150 7808	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:46:25.0168 7808	gagp30kx - ok
21:46:25.0285 7808	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:46:25.0306 7808	GEARAspiWDM - ok
21:46:25.0450 7808	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:46:25.0496 7808	hcw85cir - ok
21:46:25.0570 7808	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:46:25.0637 7808	HdAudAddService - ok
21:46:25.0701 7808	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
21:46:25.0748 7808	HDAudBus - ok
21:46:25.0837 7808	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:46:25.0848 7808	HECIx64 - ok
21:46:25.0905 7808	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:46:25.0940 7808	HidBatt - ok
21:46:26.0037 7808	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:46:26.0109 7808	HidBth - ok
21:46:26.0200 7808	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:46:26.0260 7808	HidIr - ok
21:46:26.0379 7808	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
21:46:26.0426 7808	HidUsb - ok
21:46:26.0496 7808	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
21:46:26.0522 7808	HpSAMD - ok
21:46:26.0604 7808	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:46:26.0703 7808	HTTP - ok
21:46:26.0817 7808	hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:46:26.0834 7808	hwdatacard - ok
21:46:26.0895 7808	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:46:26.0908 7808	hwpolicy - ok
21:46:27.0056 7808	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
21:46:27.0138 7808	hwusbdev - ok
21:46:27.0249 7808	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:46:27.0281 7808	i8042prt - ok
21:46:27.0354 7808	iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\drivers\iaStor.sys
21:46:27.0387 7808	iaStor - ok
21:46:27.0480 7808	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:46:27.0521 7808	iaStorV - ok
21:46:27.0745 7808	igfx            (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:46:27.0993 7808	igfx ( UnsignedFile.Multi.Generic ) - warning
21:46:27.0993 7808	igfx - detected UnsignedFile.Multi.Generic (1)
21:46:28.0055 7808	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:46:28.0073 7808	iirsp - ok
21:46:28.0187 7808	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:46:28.0215 7808	Impcd - ok
21:46:28.0331 7808	IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys
21:46:28.0382 7808	IntcAzAudAddService - ok
21:46:28.0443 7808	IntcDAud        (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:46:28.0453 7808	IntcDAud ( UnsignedFile.Multi.Generic ) - warning
21:46:28.0453 7808	IntcDAud - detected UnsignedFile.Multi.Generic (1)
21:46:28.0529 7808	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:46:28.0543 7808	intelide - ok
21:46:28.0610 7808	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:46:28.0646 7808	intelppm - ok
21:46:28.0758 7808	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:28.0849 7808	IpFilterDriver - ok
21:46:28.0921 7808	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
21:46:28.0973 7808	IPMIDRV - ok
21:46:29.0040 7808	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:46:29.0128 7808	IPNAT - ok
21:46:29.0253 7808	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:46:29.0290 7808	IRENUM - ok
21:46:29.0366 7808	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:46:29.0380 7808	isapnp - ok
21:46:29.0443 7808	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
21:46:29.0463 7808	iScsiPrt - ok
21:46:29.0514 7808	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:46:29.0528 7808	kbdclass - ok
21:46:29.0584 7808	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
21:46:29.0626 7808	kbdhid - ok
21:46:29.0713 7808	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:46:29.0742 7808	KSecDD - ok
21:46:29.0796 7808	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:46:29.0816 7808	KSecPkg - ok
21:46:29.0935 7808	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:46:30.0024 7808	ksthunk - ok
21:46:30.0142 7808	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:46:30.0233 7808	lltdio - ok
21:46:30.0354 7808	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:46:30.0376 7808	LSI_FC - ok
21:46:30.0433 7808	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:46:30.0452 7808	LSI_SAS - ok
21:46:30.0519 7808	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:46:30.0546 7808	LSI_SAS2 - ok
21:46:30.0601 7808	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:46:30.0628 7808	LSI_SCSI - ok
21:46:30.0705 7808	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:46:30.0781 7808	luafv - ok
21:46:30.0947 7808	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:46:30.0973 7808	megasas - ok
21:46:31.0032 7808	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:46:31.0066 7808	MegaSR - ok
21:46:31.0115 7808	mfeavfk         (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
21:46:31.0132 7808	mfeavfk - ok
21:46:31.0186 7808	mfehidk         (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
21:46:31.0215 7808	mfehidk - ok
21:46:31.0312 7808	mferkdk         (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
21:46:31.0336 7808	mferkdk - ok
21:46:31.0371 7808	mfesmfk         (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
21:46:31.0389 7808	mfesmfk - ok
21:46:31.0453 7808	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:46:31.0526 7808	Modem - ok
21:46:31.0639 7808	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:46:31.0678 7808	monitor - ok
21:46:31.0750 7808	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:46:31.0775 7808	mouclass - ok
21:46:31.0837 7808	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
21:46:31.0881 7808	mouhid - ok
21:46:31.0959 7808	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:46:31.0985 7808	mountmgr - ok
21:46:32.0049 7808	MPFP            (dfed96e61756c67533bae6b7d5f8cca3) C:\Windows\system32\Drivers\Mpfp.sys
21:46:32.0073 7808	MPFP - ok
21:46:32.0169 7808	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
21:46:32.0198 7808	mpio - ok
21:46:32.0249 7808	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:46:32.0326 7808	mpsdrv - ok
21:46:32.0380 7808	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:46:32.0436 7808	MRxDAV - ok
21:46:32.0517 7808	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:32.0537 7808	mrxsmb - ok
21:46:32.0597 7808	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:32.0633 7808	mrxsmb10 - ok
21:46:32.0719 7808	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:32.0767 7808	mrxsmb20 - ok
21:46:32.0885 7808	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
21:46:32.0909 7808	msahci - ok
21:46:32.0961 7808	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
21:46:32.0989 7808	msdsm - ok
21:46:33.0069 7808	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:46:33.0132 7808	Msfs - ok
21:46:33.0213 7808	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:46:33.0272 7808	mshidkmdf - ok
21:46:33.0318 7808	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:46:33.0343 7808	msisadrv - ok
21:46:33.0488 7808	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:46:33.0555 7808	MSKSSRV - ok
21:46:33.0615 7808	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:33.0686 7808	MSPCLOCK - ok
21:46:33.0729 7808	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:46:33.0793 7808	MSPQM - ok
21:46:33.0856 7808	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:46:33.0886 7808	MsRPC - ok
21:46:33.0940 7808	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:46:33.0969 7808	mssmbios - ok
21:46:34.0007 7808	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:46:34.0078 7808	MSTEE - ok
21:46:34.0157 7808	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:46:34.0211 7808	MTConfig - ok
21:46:34.0344 7808	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:46:34.0373 7808	Mup - ok
21:46:34.0489 7808	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:46:34.0540 7808	NativeWifiP - ok
21:46:34.0647 7808	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:46:34.0693 7808	NDIS - ok
21:46:34.0734 7808	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:34.0802 7808	NdisCap - ok
21:46:34.0938 7808	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:35.0005 7808	NdisTapi - ok
21:46:35.0051 7808	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:35.0131 7808	Ndisuio - ok
21:46:35.0239 7808	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:35.0336 7808	NdisWan - ok
21:46:35.0464 7808	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:46:35.0541 7808	NDProxy - ok
21:46:35.0626 7808	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:46:35.0697 7808	NetBIOS - ok
21:46:35.0746 7808	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:46:35.0796 7808	NetBT - ok
21:46:35.0876 7808	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:46:35.0904 7808	nfrd960 - ok
21:46:35.0965 7808	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:46:36.0043 7808	Npfs - ok
21:46:36.0099 7808	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:46:36.0185 7808	nsiproxy - ok
21:46:36.0292 7808	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:46:36.0365 7808	Ntfs - ok
21:46:36.0445 7808	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:46:36.0520 7808	Null - ok
21:46:36.0599 7808	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:46:36.0618 7808	nvraid - ok
21:46:36.0665 7808	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:46:36.0683 7808	nvstor - ok
21:46:36.0748 7808	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:46:36.0767 7808	nv_agp - ok
21:46:36.0819 7808	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:46:36.0858 7808	ohci1394 - ok
21:46:36.0954 7808	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:46:36.0976 7808	Parport - ok
21:46:37.0031 7808	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:46:37.0060 7808	partmgr - ok
21:46:37.0115 7808	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
21:46:37.0134 7808	pci - ok
21:46:37.0174 7808	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:46:37.0204 7808	pciide - ok
21:46:37.0254 7808	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:46:37.0291 7808	pcmcia - ok
21:46:37.0346 7808	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:46:37.0363 7808	pcw - ok
21:46:37.0431 7808	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:46:37.0518 7808	PEAUTH - ok
21:46:37.0660 7808	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:46:37.0727 7808	PptpMiniport - ok
21:46:37.0810 7808	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:46:37.0854 7808	Processor - ok
21:46:37.0968 7808	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:46:38.0059 7808	Psched - ok
21:46:38.0173 7808	PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
21:46:38.0195 7808	PxHlpa64 - ok
21:46:38.0287 7808	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:46:38.0368 7808	ql2300 - ok
21:46:38.0431 7808	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:46:38.0461 7808	ql40xx - ok
21:46:38.0513 7808	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:46:38.0554 7808	QWAVEdrv - ok
21:46:38.0663 7808	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:46:38.0709 7808	RasAcd - ok
21:46:38.0778 7808	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:38.0827 7808	RasAgileVpn - ok
21:46:38.0879 7808	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:38.0959 7808	Rasl2tp - ok
21:46:39.0027 7808	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:39.0124 7808	RasPppoe - ok
21:46:39.0196 7808	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:46:39.0292 7808	RasSstp - ok
21:46:39.0363 7808	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:46:39.0445 7808	rdbss - ok
21:46:39.0514 7808	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:46:39.0550 7808	rdpbus - ok
21:46:39.0604 7808	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:39.0669 7808	RDPCDD - ok
21:46:39.0782 7808	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:46:39.0850 7808	RDPENCDD - ok
21:46:39.0900 7808	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:46:39.0956 7808	RDPREFMP - ok
21:46:39.0994 7808	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:46:40.0072 7808	RDPWD - ok
21:46:40.0203 7808	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:46:40.0233 7808	rdyboost - ok
21:46:40.0299 7808	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:46:40.0358 7808	RFCOMM - ok
21:46:40.0483 7808	rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\DRIVERS\rimssne64.sys
21:46:40.0521 7808	rimspci - ok
21:46:40.0573 7808	risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\DRIVERS\risdsne64.sys
21:46:40.0624 7808	risdsnpe - ok
21:46:40.0752 7808	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:46:40.0824 7808	rspndr - ok
21:46:40.0919 7808	RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
21:46:40.0945 7808	RTHDMIAzAudService - ok
21:46:41.0058 7808	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
21:46:41.0085 7808	sbp2port - ok
21:46:41.0183 7808	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:46:41.0257 7808	scfilter - ok
21:46:41.0312 7808	sdbus           (4e54822ed2350eb1f31f95f0fd674ef3) C:\Windows\system32\DRIVERS\sdbus.sys
21:46:41.0351 7808	sdbus - ok
21:46:41.0479 7808	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:46:41.0569 7808	secdrv - ok
21:46:41.0636 7808	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:46:41.0656 7808	Serenum - ok
21:46:41.0711 7808	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:46:41.0754 7808	Serial - ok
21:46:41.0914 7808	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:46:41.0964 7808	sermouse - ok
21:46:42.0032 7808	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
21:46:42.0055 7808	SFEP - ok
21:46:42.0128 7808	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:46:42.0182 7808	sffdisk - ok
21:46:42.0259 7808	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:46:42.0311 7808	sffp_mmc - ok
21:46:42.0369 7808	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
21:46:42.0429 7808	sffp_sd - ok
21:46:42.0490 7808	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:46:42.0542 7808	sfloppy - ok
21:46:42.0671 7808	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:46:42.0685 7808	SiSRaid2 - ok
21:46:42.0733 7808	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:46:42.0748 7808	SiSRaid4 - ok
21:46:42.0832 7808	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:46:42.0900 7808	Smb - ok
21:46:43.0017 7808	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:46:43.0042 7808	spldr - ok
21:46:43.0145 7808	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:46:43.0190 7808	srv - ok
21:46:43.0243 7808	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:46:43.0293 7808	srv2 - ok
21:46:43.0348 7808	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:46:43.0392 7808	srvnet - ok
21:46:43.0546 7808	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:46:43.0572 7808	stexstor - ok
21:46:43.0639 7808	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:46:43.0652 7808	swenum - ok
21:46:43.0724 7808	SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\drivers\SynTP.sys
21:46:43.0740 7808	SynTP - ok
21:46:43.0874 7808	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:46:43.0921 7808	Tcpip - ok
21:46:44.0015 7808	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:46:44.0065 7808	TCPIP6 - ok
21:46:44.0113 7808	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:46:44.0184 7808	tcpipreg - ok
21:46:44.0249 7808	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:46:44.0331 7808	TDPIPE - ok
21:46:44.0376 7808	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:46:44.0464 7808	TDTCP - ok
21:46:44.0588 7808	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:46:44.0663 7808	tdx - ok
21:46:44.0739 7808	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
21:46:44.0753 7808	TermDD - ok
21:46:44.0827 7808	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:44.0894 7808	tssecsrv - ok
21:46:44.0954 7808	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:46:45.0037 7808	tunnel - ok
21:46:45.0109 7808	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:46:45.0127 7808	uagp35 - ok
21:46:45.0192 7808	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:46:45.0295 7808	udfs - ok
21:46:45.0405 7808	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:46:45.0433 7808	uliagpkx - ok
21:46:45.0527 7808	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:46:45.0578 7808	umbus - ok
21:46:45.0656 7808	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:46:45.0697 7808	UmPass - ok
21:46:45.0773 7808	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:45.0811 7808	usbccgp - ok
21:46:45.0890 7808	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:46:45.0930 7808	usbcir - ok
21:46:46.0051 7808	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
21:46:46.0102 7808	usbehci - ok
21:46:46.0199 7808	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:46:46.0253 7808	usbhub - ok
21:46:46.0322 7808	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:46:46.0374 7808	usbohci - ok
21:46:46.0480 7808	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:46:46.0531 7808	usbprint - ok
21:46:46.0597 7808	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:46:46.0632 7808	usbscan - ok
21:46:46.0706 7808	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:46.0752 7808	USBSTOR - ok
21:46:46.0843 7808	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:46:46.0879 7808	usbuhci - ok
21:46:46.0982 7808	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:46:47.0033 7808	usbvideo - ok
21:46:47.0191 7808	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:46:47.0218 7808	vdrvroot - ok
21:46:47.0287 7808	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:47.0320 7808	vga - ok
21:46:47.0365 7808	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:46:47.0443 7808	VgaSave - ok
21:46:47.0553 7808	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
21:46:47.0586 7808	vhdmp - ok
21:46:47.0667 7808	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:46:47.0682 7808	viaide - ok
21:46:47.0734 7808	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
21:46:47.0753 7808	volmgr - ok
21:46:47.0825 7808	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:46:47.0862 7808	volmgrx - ok
21:46:47.0921 7808	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
21:46:47.0956 7808	volsnap - ok
21:46:48.0000 7808	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:46:48.0021 7808	vsmraid - ok
21:46:48.0124 7808	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:46:48.0163 7808	vwifibus - ok
21:46:48.0210 7808	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:46:48.0255 7808	vwififlt - ok
21:46:48.0332 7808	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:46:48.0370 7808	vwifimp - ok
21:46:48.0416 7808	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:46:48.0460 7808	WacomPen - ok
21:46:48.0578 7808	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:48.0651 7808	WANARP - ok
21:46:48.0657 7808	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:48.0704 7808	Wanarpv6 - ok
21:46:48.0790 7808	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:46:48.0819 7808	Wd - ok
21:46:48.0883 7808	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:46:48.0941 7808	Wdf01000 - ok
21:46:49.0054 7808	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:46:49.0114 7808	WfpLwf - ok
21:46:49.0168 7808	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:46:49.0195 7808	WIMMount - ok
21:46:49.0330 7808	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:46:49.0383 7808	WmiAcpi - ok
21:46:49.0480 7808	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:46:49.0557 7808	ws2ifsl - ok
21:46:49.0625 7808	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:46:49.0692 7808	WudfPf - ok
21:46:49.0814 7808	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:49.0884 7808	WUDFRd - ok
21:46:49.0955 7808	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
21:46:49.0994 7808	yukonw7 - ok
21:46:50.0046 7808	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:46:50.0268 7808	\Device\Harddisk0\DR0 - ok
21:46:50.0273 7808	Boot (0x1200)   (66442b79e7865476874185444d62c789) \Device\Harddisk0\DR0\Partition0
21:46:50.0275 7808	\Device\Harddisk0\DR0\Partition0 - ok
21:46:50.0307 7808	Boot (0x1200)   (2b9cb9c7b5b6176d292f416a3b2e40ee) \Device\Harddisk0\DR0\Partition1
21:46:50.0309 7808	\Device\Harddisk0\DR0\Partition1 - ok
21:46:50.0310 7808	============================================================
21:46:50.0310 7808	Scan finished
21:46:50.0310 7808	============================================================
21:46:50.0330 3556	Detected object count: 2
21:46:50.0330 3556	Actual detected object count: 2

so richtig?

cosinus · 16.01.2012, 13:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

LuckySony · 16.01.2012, 21:11

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-16.02 - Vivian 16.01.2012  20:14:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2454 [GMT 1:00]
ausgeführt von:: c:\users\Vivian\Downloads\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vivian\black.exe
c:\users\Vivian\bucket.tmp
c:\users\Vivian\game.exe
c:\users\Vivian\groum.tmp
c:\users\Vivian\MENU.EXE
c:\users\Vivian\MENUDLL.DLL
c:\users\Vivian\runtutorial.tmp
c:\users\Vivian\score.tmp
c:\users\Vivian\TCVal.tmp
c:\users\Vivian\vetstate.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-16 bis 2012-01-16  ))))))))))))))))))))))))))))))
.
.
2012-01-16 19:26 . 2012-01-16 19:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-15 15:58 . 2012-01-15 15:58	--------	d-----w-	C:\_OTL
2012-01-11 23:51 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 23:51 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 23:51 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 23:51 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 23:51 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 23:51 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 23:51 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 23:51 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-11 21:45 . 2012-01-11 21:45	--------	d-----w-	c:\program files (x86)\ESET
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\users\Vivian\AppData\Roaming\Malwarebytes
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\users\Vivian\NeuerOrdner
2012-01-11 20:01 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-09 23:33 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-09 23:33 . 2011-11-05 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-01-09 23:33 . 2011-10-26 05:19	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-01-09 22:02 . 2011-10-15 06:25	723456	----a-w-	c:\windows\system32\EncDec.dll
2012-01-09 22:02 . 2011-10-15 05:48	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-24 15:18 . 2011-12-24 15:18	--------	d-----w-	c:\users\Default\AppData\Local\Sony Corporation
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:00 . 2011-12-14 21:27	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192]
"ICQ"="c:\users\Vivian\Icq7\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
"McENUI"="c:\progra~2\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-02-23 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-23 149280]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-15 99624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\users\Vivian\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
2011-06-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-07-21 10:22]
.
2011-04-30 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-07-21 10:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\users\Vivian\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\users\Vivian\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Abenteuer auf dem Reiterhof - c:\windows\IsUn0407.exe
AddRemove-Fünf Freunde 3 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-16  20:49:40
ComboFix-quarantined-files.txt  2012-01-16 19:49
.
Vor Suchlauf: 13 Verzeichnis(se), 408.821.174.272 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 408.322.048.000 Bytes frei
.
- - End Of File - - C23C903CAE88082F4269220E76AAFC94

[/CODE]
--- --- ---

cosinus · 16.01.2012, 21:26

Zitat:

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

Sach nicht das Teil war aktiv als CF werkelte!

LuckySony · 17.01.2012, 15:15

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-16.02 - Vivian 17.01.2012  14:10:52.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2646 [GMT 1:00]
ausgeführt von:: c:\users\Vivian\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-17 bis 2012-01-17  ))))))))))))))))))))))))))))))
.
.
2012-01-17 13:16 . 2012-01-17 13:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-17 13:16 . 2012-01-17 13:16	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-01-17 13:02 . 2012-01-17 13:02	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F949B8F8-90FD-460B-88B3-4793FF04A339}\offreg.dll
2012-01-17 13:01 . 2011-11-30 01:21	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F949B8F8-90FD-460B-88B3-4793FF04A339}\mpengine.dll
2012-01-17 13:01 . 2011-11-15 13:29	270720	------w-	c:\windows\system32\MpSigStub.exe
2012-01-15 15:58 . 2012-01-15 15:58	--------	d-----w-	C:\_OTL
2012-01-11 23:51 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 23:51 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 23:51 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 23:51 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 23:51 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 23:51 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 23:51 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 23:51 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-11 21:45 . 2012-01-11 21:45	--------	d-----w-	c:\program files (x86)\ESET
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\users\Vivian\AppData\Roaming\Malwarebytes
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-11 20:01 . 2012-01-11 20:01	--------	d-----w-	c:\users\Vivian\NeuerOrdner
2012-01-11 20:01 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-09 23:33 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-09 23:33 . 2011-11-05 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-01-09 23:33 . 2011-10-26 05:19	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-01-09 22:02 . 2011-10-15 06:25	723456	----a-w-	c:\windows\system32\EncDec.dll
2012-01-09 22:02 . 2011-10-15 05:48	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-24 15:18 . 2011-12-24 15:18	--------	d-----w-	c:\users\Default\AppData\Local\Sony Corporation
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:00 . 2011-12-14 21:27	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-16_19.27.20   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-17 13:02	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-16 17:26	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-16 17:26	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 13:02	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 17:26	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 13:02	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-29 21:35 . 2012-01-17 13:09	67928              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 13:09	35670              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-07-21 20:11 . 2012-01-16 13:04	21270              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4179217827-3366708110-3380199809-1000_UserData.bin
+ 2010-07-21 20:11 . 2012-01-17 13:09	21270              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4179217827-3366708110-3380199809-1000_UserData.bin
- 2010-02-23 07:57 . 2012-01-16 12:57	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 07:57 . 2012-01-17 13:08	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-16 12:57	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 13:08	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-13 14:11 . 2012-01-17 13:09	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-13 14:11 . 2012-01-16 13:04	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-13 14:11 . 2012-01-17 13:09	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-13 14:11 . 2012-01-16 13:04	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-13 14:11 . 2012-01-17 13:09	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-13 14:11 . 2012-01-16 13:04	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-22 14:44 . 2012-01-16 19:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-22 14:44 . 2012-01-17 13:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-22 14:44 . 2012-01-17 13:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-22 14:44 . 2012-01-16 19:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-16 12:57 . 2012-01-16 12:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-17 13:02 . 2012-01-17 13:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-16 12:57 . 2012-01-16 12:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 13:02 . 2012-01-17 13:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-02-23 07:57 . 2012-01-16 12:57	147456              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-23 07:57 . 2012-01-17 13:08	147456              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 05:01 . 2012-01-17 13:01	334688              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-15 22:42	334688              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-07-21 20:07 . 2012-01-15 22:08	1249865              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4179217827-3366708110-3380199809-1000-8192.dat
+ 2010-07-21 20:07 . 2012-01-17 13:01	1249865              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4179217827-3366708110-3380199809-1000-8192.dat
- 2009-07-14 02:34 . 2012-01-16 13:20	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-17 11:27	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192]
"ICQ"="c:\users\Vivian\Icq7\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-02-23 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-23 149280]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-15 99624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\users\Vivian\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 171520]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Vivian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{37DEE150-B1AD-46B7-BA1E-68FDC81E4E86}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\j86phpq4.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\users\Vivian\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\users\Vivian\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4179217827-3366708110-3380199809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-17  14:19:15
ComboFix-quarantined-files.txt  2012-01-17 13:19
ComboFix2.txt  2012-01-16 19:49
.
Vor Suchlauf: 17 Verzeichnis(se), 408.298.872.832 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 408.101.543.936 Bytes frei
.
- - End Of File - - 0B52E851275616944693903C2878495E

[/CODE]
--- --- ---