Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.07.2012, 17:07   #1
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Hello,
Ich habe mir einen Sperr-Trojaner eingefangen, der den kompletten Bildschirm verdeckt und per Ukash auffordert 100€ zu zahlen,
ich habe schon OTL scannen lassen,

das log ist hier :

OTL logfile created on: 25.07.2012 17:50:23 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Jawad Bishara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 83,17% Memory free
6,13 Gb Paging File | 5,83 Gb Available in Paging File | 95,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 360,73 Gb Total Space | 214,33 Gb Free Space | 59,42% Space Free | Partition Type: NTFS

Computer Name: JAWADBISHARA-PC | User Name: Jawad Bishara | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jawad Bishara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cncuhg) -- System32\drivers\qyhcwmuy.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (GTUQBUS) -- C:\Windows\System32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1425416

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {f228c6a4-a593-4017-944c-4e7958fb3177} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=8js9rdqdSLwPZf4ZV4wIWXglnT8?q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1425416
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.09 18:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.14 17:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012.07.14 11:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2012.04.19 18:57:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.14 17:45:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012.07.14 11:09:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2012.04.19 18:57:23 | 000,000,000 | ---D | M]

[2011.04.02 16:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jawad Bishara\AppData\Roaming\mozilla\Extensions
[2011.04.02 16:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jawad Bishara\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.02 18:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jawad Bishara\AppData\Roaming\mozilla\Firefox\Profiles\ylqmfywt.default\extensions
[2011.03.25 22:34:03 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Jawad Bishara\AppData\Roaming\mozilla\Firefox\Profiles\ylqmfywt.default\extensions\plugin2@gameplaylabs.com

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F228C6A4-A593-4017-944C-4E7958FB3177} - No CLSID value found.
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jawad Bishara\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [olatbr] C:\Users\Jawad Bishara\AppData\Roaming\olatbr.dll (DT Soft Ltd)
O4 - HKCU..\Run: [Oqegynsuxi] C:\Users\Jawad Bishara\AppData\Roaming\Eregs\tyehw.exe ()
O4 - HKCU..\Run: [XpsPrint] C:\Users\Jawad Bishara\AppData\Local\Microsoft\Windows\1401\XpsPrint.exe ()
O4 - HKCU..\Run: [XSECVA] C:\Users\Jawad Bishara\AppData\Roaming\xsecva\xsecva.exe ()
O4 - Startup: C:\Users\Jawad Bishara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Jawad Bishara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winmpa.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2368DD2-1C39-40ED-867C-596C6B1ECB71}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17aedf48-bf20-11de-9465-00214f4b9b60}\Shell - "" = AutoRun
O33 - MountPoints2\{17aedf48-bf20-11de-9465-00214f4b9b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{17aedf62-bf20-11de-9465-00214f4b9b60}\Shell - "" = AutoRun
O33 - MountPoints2\{17aedf62-bf20-11de-9465-00214f4b9b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2507792c-c167-11de-8cb3-00114322daec}\Shell - "" = AutoRun
O33 - MountPoints2\{2507792c-c167-11de-8cb3-00114322daec}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3eceaaa0-4331-11e0-88dd-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{3eceaaa0-4331-11e0-88dd-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{46c7c577-4f8f-11de-a8de-0040d0434d18}\Shell - "" = AutoRun
O33 - MountPoints2\{46c7c577-4f8f-11de-a8de-0040d0434d18}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{559ef1e5-cd0a-11de-9bee-00114322daec}\Shell - "" = AutoRun
O33 - MountPoints2\{559ef1e5-cd0a-11de-9bee-00114322daec}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a8a4e96c-cc08-11df-aaa3-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a4e96c-cc08-11df-aaa3-001e101f36d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0a71eea-d06f-11df-bd9b-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a71eea-d06f-11df-bd9b-001e101f4da1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dcac66f8-6be2-11de-8aec-0040d0434d18}\Shell - "" = AutoRun
O33 - MountPoints2\{dcac66f8-6be2-11de-8aec-0040d0434d18}\Shell\AutoRun\command - "" = I:\start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 17:11:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jawad Bishara\Desktop\OTL.exe
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Zugak
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Zudoyv
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Eregs
[2012.07.24 23:08:03 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\hellomoto
[2012.07.22 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{9D3A2FDB-EBB3-4720-B0D3-5B1D53CB293B}
[2012.07.21 13:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.21 13:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.07.21 13:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 7.0
[2012.07.21 13:38:14 | 000,147,984 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.07.21 12:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\SaferSurf
[2012.07.21 12:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Nutzwerk
[2012.07.21 12:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.07.21 12:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.07.21 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.07.20 18:56:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.07.20 18:12:20 | 000,142,336 | ---- | C] (DT Soft Ltd) -- C:\Users\Jawad Bishara\AppData\Roaming\olatbr.dll
[2012.07.20 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\xsecva
[2012.07.14 11:04:00 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{E4300E4A-CC2B-4BE4-93D5-FEEDD090ED11}
[2012.07.14 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{CBD0B5C0-B280-46F2-92BC-41A4FCCE352D}
[2012.07.08 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{AD182243-64D7-47C8-AE85-DCF4631126AB}
[2012.07.08 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{D5C1F78C-AA11-4C27-B3ED-015BEFB80E88}
[2012.07.08 11:15:04 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Local\{B500FE5B-9750-4698-946D-5FDE885A9AB8}
[2012.07.04 22:32:32 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\Desktop\fluggraaammmmmmmmmmmmm

========== Files - Modified Within 30 Days ==========

[2012.07.25 17:46:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 17:44:22 | 000,000,099 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.07.25 17:44:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 17:43:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 17:43:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 17:42:34 | 000,001,108 | ---- | M] () -- C:\Users\Jawad Bishara\Desktop\logfile malware
[2012.07.25 17:11:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jawad Bishara\Desktop\OTL.exe
[2012.07.24 23:25:53 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012.07.24 23:08:12 | 000,254,976 | ---- | M] () -- C:\Users\Jawad Bishara\0.9346447002192098.exe
[2012.07.24 22:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 22:42:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 21:55:12 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FEC5CBEB-A5AC-40F8-BCC2-D87CA84FE8EA}.job
[2012.07.24 00:17:36 | 166,479,904 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2012.07.22 23:43:55 | 001,618,772 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2012.07.22 23:43:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.22 20:21:35 | 000,000,574 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jawad Bishara.job
[2012.07.21 13:40:13 | 000,091,700 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.07.21 13:40:13 | 000,085,860 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.07.21 13:38:14 | 000,147,984 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.07.21 12:12:07 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.07.21 12:12:07 | 000,001,953 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.20 18:12:20 | 000,142,336 | ---- | M] (DT Soft Ltd) -- C:\Users\Jawad Bishara\AppData\Roaming\olatbr.dll
[2012.06.30 13:34:37 | 000,052,364 | ---- | M] () -- C:\Users\Jawad Bishara\Desktop\playlist.xps
[2012.06.28 15:25:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.28 15:25:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.28 15:25:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.28 15:25:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012.07.25 17:42:34 | 000,001,108 | ---- | C] () -- C:\Users\Jawad Bishara\Desktop\logfile malware
[2012.07.24 23:08:10 | 000,254,976 | ---- | C] () -- C:\Users\Jawad Bishara\0.9346447002192098.exe
[2012.07.21 13:40:13 | 000,091,700 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.07.21 13:40:13 | 000,085,860 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.07.21 13:38:41 | 166,479,904 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2012.07.21 13:38:41 | 001,618,772 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2012.07.21 12:12:07 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.07.21 12:11:59 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.21 10:03:59 | 000,232,960 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000008.@
[2012.07.21 10:03:59 | 000,092,160 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000032.@
[2012.07.21 10:03:59 | 000,000,804 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\L\00000004.@
[2012.07.21 10:03:48 | 000,013,312 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000000.@
[2012.07.21 10:03:47 | 000,002,048 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000004.@
[2012.07.21 10:03:47 | 000,001,632 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\000000cb.@
[2012.07.20 18:46:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000008.@
[2012.07.20 18:46:33 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000032.@
[2012.07.20 18:46:33 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\L\00000004.@
[2012.07.20 18:46:18 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000000.@
[2012.07.20 18:46:17 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000004.@
[2012.07.20 18:46:17 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\000000cb.@
[2012.06.30 13:34:36 | 000,052,364 | ---- | C] () -- C:\Users\Jawad Bishara\Desktop\playlist.xps
[2012.01.28 14:35:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\@
[2012.01.28 14:35:11 | 000,002,048 | -HS- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\@
[2010.10.14 17:32:39 | 000,181,904 | ---- | C] () -- C:\Windows\hpoins44.dat
[2009.06.17 20:36:42 | 000,000,600 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\PUTTY.RND
[2009.03.19 19:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Roaming\wklnhst.dat
[2009.01.09 02:15:47 | 000,032,256 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.08 21:14:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.08 20:20:53 | 000,002,032 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2009.01.26 23:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Bytemobile
[2012.07.24 23:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Eregs
[2012.07.24 23:08:19 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\hellomoto
[2009.01.09 20:59:07 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\ICQ
[2010.03.01 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\InterTrust
[2011.10.24 21:00:05 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\JAM Software
[2011.05.19 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\LowRateVoip
[2009.05.20 01:45:42 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Opera
[2012.03.24 16:24:38 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\PoivY
[2009.03.19 19:57:13 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Template
[2011.04.02 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\TomTom
[2009.01.26 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Vodafone
[2011.08.08 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\VoipBlast
[2011.02.05 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\VoipBuster
[2012.05.05 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\WindSolutions
[2012.07.21 10:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\xsecva
[2010.12.07 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\XSManager
[2012.07.24 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Zudoyv
[2012.07.24 23:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jawad Bishara\AppData\Roaming\Zugak
[2010.10.12 17:27:08 | 000,653,312 | ---- | M] () -- C:\Windows\Tasks\d1.exe
[2011.01.02 22:49:41 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010.06.17 18:46:06 | 000,000,090 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2012.07.22 23:43:31 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.03 18:38:32 | 000,151,040 | ---- | M] (hxxp://sharppcap.sf.net) -- C:\Windows\Tasks\SharpPcap.dll
[2012.07.24 21:55:12 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FEC5CBEB-A5AC-40F8-BCC2-D87CA84FE8EA}.job
[2011.04.03 20:27:58 | 000,443,655 | ---- | M] () -- C:\Windows\Tasks\wpcap.exe
[2010.08.19 15:17:50 | 000,060,928 | ---- | M] () -- C:\Windows\Tasks\y.exe

========== Purity Check ==========



< End of report >


und hier ist der log von OTL EXTRA :

OTL Extras logfile created on: 25.07.2012 17:50:23 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Jawad Bishara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 83,17% Memory free
6,13 Gb Paging File | 5,83 Gb Available in Paging File | 95,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 360,73 Gb Total Space | 214,33 Gb Free Space | 59,42% Space Free | Partition Type: NTFS

Computer Name: JAWADBISHARA-PC | User Name: Jawad Bishara | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{248e4799-db04-4b1a-902c-194669f995ce}" = Nero Move it
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{dbb90477-c355-4afb-a2c1-e16154aeaaf5}" = Nero Move it Trial
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{defa5390-8533-47b5-81f7-3816916bdc6f}" = Nero Move it Help
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
"{E827C04A-7BE5-4443-8B65-A8012EA33AC0}" = Brother HL-2140
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f411c3cb-4ef9-4a0e-aa8e-2c3d8e6262d2}" = Nero 9 Essentials
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Akamai" = Akamai NetSession Interface Service
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dt icon module" =
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"Lexmark 510 Series" = Lexmark 510 Series
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NSS" = Norton Security Scan
"Picasa 3" = Picasa 3
"PoivY_is1" = PoivY
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"ShoppingReport2" = ShopperReports
"SopCast" = SopCast 3.2.8
"TomTom HOME" = TomTom HOME 2.8.1.2218
"TreeSize Professional_is1" = TreeSize Professional V5.5.2
"UltraISO_is1" = UltraISO Premium V9.2
"VAIO Help and Support" =
"VoipBlast_is1" = VoipBlast
"VoipBuster_is1" = VoipBuster
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XSManager" = XSManager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.07.2012 17:32:27 | Computer Name = JawadBishara-PC | Source = EventSystem | ID = 4609
Description =

Error - 24.07.2012 17:33:18 | Computer Name = JawadBishara-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2012 17:33:22 | Computer Name = JawadBishara-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung services.exe, Version 6.0.6002.18005, Zeitstempel
0x49e01a51, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d, Prozess-ID 0x220, Anwendungsstartzeit
01cd69e3bb2986d1.

Error - 24.07.2012 17:33:32 | Computer Name = JawadBishara-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 25.07.2012 11:09:35 | Computer Name = JawadBishara-PC | Source = EventSystem | ID = 4609
Description =

Error - 25.07.2012 11:10:21 | Computer Name = JawadBishara-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.07.2012 11:23:21 | Computer Name = JawadBishara-PC | Source = EventSystem | ID = 4609
Description =

Error - 25.07.2012 11:24:01 | Computer Name = JawadBishara-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.07.2012 11:46:31 | Computer Name = JawadBishara-PC | Source = EventSystem | ID = 4609
Description =

Error - 25.07.2012 11:47:16 | Computer Name = JawadBishara-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 09.06.2010 06:42:50 | Computer Name = JawadBishara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.07.2010 11:57:16 | Computer Name = JawadBishara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.12.2011 06:55:52 | Computer Name = JawadBishara-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25.07.2012 11:46:07 | Computer Name = JawadBishara-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.07.2012 um 17:43:50 unerwartet heruntergefahren.

Error - 25.07.2012 11:46:20 | Computer Name = JawadBishara-PC | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 11:46:31 | Computer Name = JawadBishara-PC | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 11:46:33 | Computer Name = JawadBishara-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 25.07.2012 11:46:52 | Computer Name = JawadBishara-PC | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 11:47:01 | Computer Name = JawadBishara-PC | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 11:47:17 | Computer Name = JawadBishara-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 25.07.2012 11:47:17 | Computer Name = JawadBishara-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 25.07.2012 11:47:17 | Computer Name = JawadBishara-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 25.07.2012 11:47:17 | Computer Name = JawadBishara-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



kann mir jemand bitte helfen, was soll ich tun?

vielen dank im voraus

Alt 25.07.2012, 21:06   #2
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:Processes
killallprocesses

:OTL
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll () 
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe () 
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (cncuhg) -- System32\drivers\qyhcwmuy.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} 
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta= 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1425416 
IE - HKCU\..\URLSearchHook: {f228c6a4-a593-4017-944c-4e7958fb3177} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} 
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7GGLL_de 
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=8js9rdqdSLwPZf4ZV4wIWXglnT8?q={searchTerms} 
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1425416 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F228C6A4-A593-4017-944C-4E7958FB3177} - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jawad Bishara\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKCU..\Run: [olatbr] C:\Users\Jawad Bishara\AppData\Roaming\olatbr.dll (DT Soft Ltd) 
O4 - HKCU..\Run: [Oqegynsuxi] C:\Users\Jawad Bishara\AppData\Roaming\Eregs\tyehw.exe () 
O4 - HKCU..\Run: [XpsPrint] C:\Users\Jawad Bishara\AppData\Local\Microsoft\Windows\1401\XpsPrint.exe () 
O4 - HKCU..\Run: [XSECVA] C:\Users\Jawad Bishara\AppData\Roaming\xsecva\xsecva.exe () 
O4 - Startup: C:\Users\Jawad Bishara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) 
O4 - Startup: C:\Users\Jawad Bishara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winmpa.exe () 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found 
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found 
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) 
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{17aedf48-bf20-11de-9465-00214f4b9b60}\Shell - "" = AutoRun 
O33 - MountPoints2\{17aedf48-bf20-11de-9465-00214f4b9b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{17aedf62-bf20-11de-9465-00214f4b9b60}\Shell - "" = AutoRun 
O33 - MountPoints2\{17aedf62-bf20-11de-9465-00214f4b9b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{2507792c-c167-11de-8cb3-00114322daec}\Shell - "" = AutoRun 
O33 - MountPoints2\{2507792c-c167-11de-8cb3-00114322daec}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{3eceaaa0-4331-11e0-88dd-001e101fb45e}\Shell - "" = AutoRun 
O33 - MountPoints2\{3eceaaa0-4331-11e0-88dd-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\{46c7c577-4f8f-11de-a8de-0040d0434d18}\Shell - "" = AutoRun 
O33 - MountPoints2\{46c7c577-4f8f-11de-a8de-0040d0434d18}\Shell\AutoRun\command - "" = H:\LaunchU3.exe 
O33 - MountPoints2\{559ef1e5-cd0a-11de-9bee-00114322daec}\Shell - "" = AutoRun 
O33 - MountPoints2\{559ef1e5-cd0a-11de-9bee-00114322daec}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{a8a4e96c-cc08-11df-aaa3-001e101f36d9}\Shell - "" = AutoRun 
O33 - MountPoints2\{a8a4e96c-cc08-11df-aaa3-001e101f36d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{d0a71eea-d06f-11df-bd9b-001e101f4da1}\Shell - "" = AutoRun 
O33 - MountPoints2\{d0a71eea-d06f-11df-bd9b-001e101f4da1}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{dcac66f8-6be2-11de-8aec-0040d0434d18}\Shell - "" = AutoRun 
O33 - MountPoints2\{dcac66f8-6be2-11de-8aec-0040d0434d18}\Shell\AutoRun\command - "" = I:\start.exe 
O33 - MountPoints2\H\Shell - "" = AutoRun 
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\J\Shell - "" = AutoRun 
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe 

[2012.07.24 23:08:12 | 000,254,976 | ---- | M] () -- C:\Users\Jawad Bishara\0.9346447002192098.exe 
[2012.07.21 12:12:07 | 000,001,953 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Zugak 
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Zudoyv 
[2012.07.24 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\Eregs 
[2012.07.24 23:08:03 | 000,000,000 | ---D | C] -- C:\Users\Jawad Bishara\AppData\Roaming\hellomoto 


[2012.07.25 17:44:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.24 23:25:53 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup.etl 
[2012.07.24 22:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.24 22:42:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.24 21:55:12 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FEC5CBEB-A5AC-40F8-BCC2-D87CA84FE8EA}.job 
[2012.07.22 20:21:35 | 000,000,574 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jawad Bishara.job 
[2012.07.21 10:03:59 | 000,232,960 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000008.@ 
[2012.07.21 10:03:59 | 000,092,160 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000032.@ 
[2012.07.21 10:03:59 | 000,000,804 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\L\00000004.@ 
[2012.07.21 10:03:48 | 000,013,312 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000000.@ 
[2012.07.21 10:03:47 | 000,002,048 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000004.@ 
[2012.07.21 10:03:47 | 000,001,632 | ---- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\000000cb.@ 
[2012.07.20 18:46:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000008.@ 
[2012.07.20 18:46:33 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000032.@ 
[2012.07.20 18:46:33 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\L\00000004.@ 
[2012.07.20 18:46:18 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\80000000.@ 
[2012.07.20 18:46:17 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\00000004.@ 
[2012.07.20 18:46:17 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\U\000000cb.@ 
[2012.01.28 14:35:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{955007ae-2a81-c4a1-2057-7a6558843f30}\@ 
[2012.01.28 14:35:11 | 000,002,048 | -HS- | C] () -- C:\Users\Jawad Bishara\AppData\Local\{955007ae-2a81-c4a1-2057-7a6558843f30}\@ 
:Files

C:\Users\Jawad Bishara\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jawad Bishara\AppData\Roaming\olatbr.dll
C:\Users\Jawad Bishara\AppData\Roaming\Eregs\tyehw.exe
C:\Users\Jawad Bishara\AppData\Local\Microsoft\Windows\1401\
C:\Users\Jawad Bishara\AppData\Roaming\xsecva\xsecva.exe
C:\Windows\system32\klogon.dll
C:\Windows\System32\VESWinlogon.dll
C:\autoexec.bat

H:\AutoRun.exe
I:\AutoRun.exe
H:\LaunchU3.exe
I:\start.exe
J:\AutoRun.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 25.07.2012, 22:13   #3
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Hab alles was du geschreiben hast genau gemacht, das computer ist neugestartet ohne dieses bild von " der computer ist..." aber jetzt ziegt leerem bild, und hab bei safe mode gestartet dann fang mit errors an und jetzt das internet drahtlos wird nicht mehr erkannt. Mfg
__________________

Alt 26.07.2012, 11:28   #4
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Wo ist das Logfile?

Rechner normal starten!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 17:26   #5
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Ich hab normal gestartet dabei kam nur weisses leeres bild, jetzt kann ich nicht hier den logfile posten weil ich hab kein internet verbindung mehr , ich schreib hier von mein handy was kann ich tun?


Alt 26.07.2012, 19:42   #6
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Wie stellst du die Verbindung mit dem Internet her?
__________________
--> "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"

Alt 26.07.2012, 19:54   #7
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Ich poste von mein handy

Alt 26.07.2012, 19:55   #8
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Ich rede vom PC!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 20:27   #9
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Was meinst du jetzt? Was kann ich tun? Ist das noch zu retten oder muss ich formatieren?

Alt 26.07.2012, 22:16   #10
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Ich meine, wie verbindest du dich mit dem Internet?

Wlan Router? Kabel? wie?
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 22:24   #11
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Internet vebindung mit wlan

Alt 26.07.2012, 22:26   #12
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Und was genau ist das Problem?
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 22:31   #13
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Laptop erkannt kein wlan mehr und findet den rauter nicht nach dem fixen beim OTL

Alt 26.07.2012, 22:33   #14
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Schau in den Geraetemanager ob da die WLan-Karte aufgefuehrt ist.
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 22:37   #15
xawax
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Ja hab schon geguckt, und da steht das alles in ordnung ist und funtion einwandfrei, aber wenn ich nach wlan suche finde ich keins

Antwort

Themen zu "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
32 bit, akamai, avp, avp.exe, bho, bildschirm, blockiert, bonjour, computer, der computer ist für die verletzung, entfernen, error, firefox, flash player, format, google earth, home, hängen, install.exe, intranet, kaspersky, logfile, ntdll.dll, office 2007, plug-in, realtek, registry, rundll, scan, searchscopes, security, services.exe, software, stick, verletzung der gesetze der bundesrepublik deutschland wurde blockiert, vista, visual studio




Ähnliche Themen: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"


  1. Trojaner "der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert "
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (17)
  2. "Der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert" Windows XP
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  3. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"?
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (3)
  4. Hab den Virus "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (11)
  5. "Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert "
    Log-Analyse und Auswertung - 09.09.2012 (2)
  6. UKASH-Trojaner "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.09.2012 (14)
  7. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (11)
  8. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (19)
  9. "Dieser Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  10. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 21.08.2012 (12)
  11. Mal wieder "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (7)
  12. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (14)
  13. "der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (2)
  14. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (38)
  15. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (8)
  16. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.08.2012 (5)
  17. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (16)

Zum Thema "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Hello, Ich habe mir einen Sperr-Trojaner eingefangen, der den kompletten Bildschirm verdeckt und per Ukash auffordert 100€ zu zahlen, ich habe schon OTL scannen lassen, das log ist hier : - "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"...
Archiv
Du betrachtest: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.