
Log Analysis and Evaluation: GVU Trojan - Problem

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.10.2012, 18:22   #1
crossit

GVU Trojan - Problem

Hello, I have a problem with the GVU Trojan and can't get rid of it ...
Here is my log

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:24, on 26.10.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Vaio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vaio\AppData\Local\Temp\mlJAsPhF.dll,#1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: ctfmon.lnk = C:\ProgramData\lsass.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11014 bytes

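Two O4 entries in the HijackThis log above stand out to a reviewer: a rundll32 autorun in HKCU that loads a DLL from the user's Temp folder, and a startup-folder shortcut pointing at an lsass.exe under C:\ProgramData rather than under the Windows directory. The following Python triage helper is an added example, not part of the thread and not code from HijackThis or any tool mentioned here. It parses O4 lines and flags the patterns just described. The sample lines are copied from the log above; the list of user-writable directories, the set of Windows process names and the heuristics themselves are my assumptions and are written more generally than the two entries in this log.

```python
import re

# Constructed sample: five O4 (autostart) lines copied from the HijackThis
# log posted above; three vendor entries for contrast and the two that a
# log reviewer would pull out first.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r'O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vaio\AppData\Local\Temp\mlJAsPhF.dll,#1',
    r'O4 - Startup: ctfmon.lnk = C:\ProgramData\lsass.exe',
    r'O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
]

# Two O4 shapes: "O4 - <hive>\..\Run: [<value name>] <command>"
# and             "O4 - Startup: <shortcut>.lnk = <target>"
O4_RE = re.compile(
    r'^O4 - (?P<where>[^:]+?): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>\S+\.lnk) = )(?P<cmd>.*)$'
)
# A drive- or %VAR%-rooted path ending in .exe or .dll (spaces allowed, quotes excluded)
PATH_RE = re.compile(r'(?:[a-z]:|%[a-z]+%)\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Assumed heuristics (mine, not HijackThis'): directories any user can write
# to, and core Windows process names that malware borrows to blend in.
USER_WRITABLE_DIRS = ('\\appdata\\local\\temp\\', '\\appdata\\roaming\\', '\\users\\public\\')
SYSTEM_PROCESS_NAMES = {'lsass.exe', 'csrss.exe', 'svchost.exe', 'winlogon.exe', 'services.exe'}


def parse_o4(line):
    """Split one O4 line into location, value name and command; None if not an O4 line."""
    m = O4_RE.match(line)
    if m is None:
        return None
    return {'where': m['where'], 'name': m['name'] or m['lnk'], 'cmd': m['cmd']}


def assess_path(path, cmd):
    """Return the list of reasons this autostart path deserves a closer look."""
    low = path.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append('binary in a user-writable directory')
    if re.match(r'^[a-z]:\\programdata\\[^\\]+$', low):
        reasons.append('binary directly under ProgramData')
    base = low.rsplit('\\', 1)[-1]
    if base in SYSTEM_PROCESS_NAMES and '\\windows\\' not in low:
        reasons.append(f'{base} outside the Windows directory')
    # A DLL from a suspicious location loaded via rundll32 is a second indicator
    if reasons and low.endswith('.dll') and 'rundll32' in cmd.lower():
        reasons.append('rundll32 used to load a DLL from that location')
    return reasons


def triage(lines):
    """Map value name -> reasons for every O4 line that trips at least one heuristic."""
    flagged = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        for path in PATH_RE.findall(entry['cmd']):
            reasons.extend(assess_path(path, entry['cmd']))
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_O4_LINES).items():
        print(f'{name}: ' + '; '.join(reasons))
```

Run on the sample, only the MSServer and ctfmon.lnk entries come back; the Avira, Sidebar and Windows Defender lines pass every check. The heuristics deliberately key on location and name rather than on a signature, since the DLL name in the Temp folder is arbitrary and would not be useful as a fixed indicator.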
26.10.2012, 18:55   #2
M-K-D-B
/// TB Trainer

GVU Trojan - Problem

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we remove all the programs we used again, and I'll give you a few tips for the future.
  • If there are signs of illegal software, support is discontinued without discussion.
  • Please work through all steps one after the other, in the order given.
  • Read the instructions carefully. If you run into problems, stop what you're doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I'll assume you no longer need help. I'll then delete your thread from my subscriptions.
    I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you're clean.

Run the following programs in Safe Mode with Networking and post the log files.
After that we'll start the cleanup.

Why haven't you installed Service Pack 2 for Windows Vista?

Step 1
Please download OTL by OldTimer and save it to your desktop (if you don't already have it).
  • Please start OTL.exe.
  • At the top you'll find a box labelled Output. Please select Standard Output.
  • Tick Scan all users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now click the Scan button.
  • At the end of the scan, 2 log files will be created.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here

Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being told to.

Step 3
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. ( If your firewall asks, please allow access to the Internet )
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being told to

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Step 4
Please read the following instructions carefully. We don't want to "fix" anything yet, just see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, never choose Cure. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive ( usually C:\ )
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents in your thread here.

Please post with your next reply
  • the two log files from OTL,
  • the log file from aswMBR,
  • the log file from TDSSKiller,
  • the answer to the question asked.


29.10.2012, 01:04   #3
crossit

GVU Trojan - Problem

Thank you very much for helping me with this!
Here are the two OTL logs

First the normal one
OTL Logfile:
Code:
OTL logfile created on: 28.10.2012 15:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vaio\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 85,88% Memory free
6,19 Gb Paging File | 5,96 Gb Available in Paging File | 96,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,86 Gb Total Space | 81,78 Gb Free Space | 36,70% Space Free | Partition Type: NTFS
Drive F: | 5,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,45 Gb Total Space | 2,12 Gb Free Space | 28,43% Space Free | Partition Type: FAT32
 
Computer Name: VAIO-PC | User Name: Vaio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.28 14:47:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 11:50:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009.08.08 17:30:09 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.10 14:42:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.02 13:43:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.03.04 20:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.03.04 20:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.03.04 20:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.03.03 13:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.02.21 09:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008.02.15 11:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007.11.28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007.11.28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007.11.09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.01.04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Programme\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - [2012.10.26 15:34:30 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Vaio\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2009.12.07 15:55:11 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.10 14:42:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.19 10:34:18 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2008.08.19 10:34:18 | 000,044,416 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.02.13 01:01:28 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008.02.13 01:01:28 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.02.12 01:29:19 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.02.07 01:03:27 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.02.07 01:03:06 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.30 17:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.12.17 02:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.12.13 16:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.11.16 01:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sony: Community: Welcome to the Sony Community for Computing
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{3DD0E5C7-2CA6-4FBA-A0D4-1B3221C5E538}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 7A 2C 4A 0C 66 CA 01  [binary data]
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{3DD0E5C7-2CA6-4FBA-A0D4-1B3221C5E538}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deUS294
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Vaio\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Vaio\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
[2009.07.22 09:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Extensions
[2009.07.22 09:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2009.07.10 14:27:43 | 000,317,652 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 10898 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp File not found
O4 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000..\Run: [MSServer] rundll32.exe C:\Users\Vaio\AppData\Local\Temp\mlJAsPhF.dll,#1 File not found
O4 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590E53EE-90DF-4775-9BF9-A8F08B263108}: DhcpNameServer = 172.30.3.1 194.115.64.65 194.115.64.66 10.189.84.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632DF83F-19B8-4ADD-9CE7-57819EADC2C0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b5af5a5-8985-11dd-9463-001e3da68e27}\Shell\AutoRun\command - "" = G:\k2d8j3wa.bat
O33 - MountPoints2\{9b5af5a5-8985-11dd-9463-001e3da68e27}\Shell\explore\Command - "" = G:\k2d8j3wa.bat
O33 - MountPoints2\{9b5af5a5-8985-11dd-9463-001e3da68e27}\Shell\open\Command - "" = G:\k2d8j3wa.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\ComboFix\pev.3XE ()
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - C:\ComboFix\pev.3XE ()
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.28 15:20:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.28 14:55:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.10.28 14:55:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe
[2012.10.26 15:32:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.26 15:32:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.26 15:32:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.26 15:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.26 15:16:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.26 15:15:53 | 004,989,043 | R--- | C] (Swearware) -- C:\Users\Vaio\Desktop\ComboFix.exe
[2012.10.26 15:03:05 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Vaio\Desktop\HiJackThis.exe
[2012.10.11 22:20:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.11 02:03:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.28 15:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 14:58:13 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.28 14:58:13 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 14:58:13 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.28 14:58:13 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 14:55:53 | 000,008,704 | ---- | M] () -- C:\Users\Vaio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.28 14:47:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe
[2012.10.26 15:08:40 | 004,989,043 | R--- | M] (Swearware) -- C:\Users\Vaio\Desktop\ComboFix.exe
[2012.10.26 14:57:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E99C388-88E1-4559-AC15-BD04BBD4B4E0}.job
[2012.10.26 14:57:17 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.26 14:53:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 14:53:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 11:34:52 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Vaio\Desktop\HiJackThis.exe
[2012.10.11 22:20:56 | 000,000,754 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.11 22:20:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.11 22:05:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 22:04:10 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.09 11:50:49 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 11:50:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.01 21:56:39 | 000,028,760 | ---- | M] () -- C:\Users\Vaio\Desktop\Konto_1061741296-Auszug_2012_005_pdf.pdf
[2012.09.30 23:34:45 | 000,048,202 | ---- | M] () -- C:\Users\Vaio\Desktop\tiffany.jpg
 
========== Files Created - No Company Name ==========
 
[2012.10.26 15:32:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.26 15:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.26 15:32:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.26 15:32:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.26 15:32:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.11 22:20:56 | 000,000,754 | ---- | C] () -- C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.11 22:20:53 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.10.01 21:56:30 | 000,028,760 | ---- | C] () -- C:\Users\Vaio\Desktop\Konto_1061741296-Auszug_2012_005_pdf.pdf
[2012.09.30 23:35:01 | 000,048,202 | ---- | C] () -- C:\Users\Vaio\Desktop\tiffany.jpg
[2011.05.21 09:31:57 | 000,053,334 | ---- | C] () -- C:\Users\Vaio\165504_1804994570950_1422475112_2034753_7906954_n[1].jpg
[2011.01.27 21:48:16 | 000,050,151 | ---- | C] () -- C:\Users\Vaio\IMG_0001.jpg
[2008.11.16 19:24:31 | 000,477,567 | ---- | C] () -- C:\Users\Vaio\IMG00008.jpg
[2008.09.12 03:04:27 | 000,008,704 | ---- | C] () -- C:\Users\Vaio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.31 15:21:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.18 15:31:20 | 000,000,680 | ---- | C] () -- C:\Users\Vaio\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


the Extras log

OTL Logfile:
Code:
OTL Extras logfile created on: 28.10.2012 15:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vaio\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 85,88% Memory free
6,19 Gb Paging File | 5,96 Gb Available in Paging File | 96,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,86 Gb Total Space | 81,78 Gb Free Space | 36,70% Space Free | Partition Type: NTFS
Drive F: | 5,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,45 Gb Total Space | 2,12 Gb Free Space | 28,43% Space Free | Partition Type: FAT32
 
Computer Name: VAIO-PC | User Name: Vaio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04269AA6-9AE8-47F9-B98C-D50C2525A568}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{09A5F057-CF16-40A4-BA18-237917DC73EA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0CF10335-F3AE-4E5F-9EE8-B95476798F01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29E99F8B-29A9-4317-837D-2B150900C14F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2F293E40-5453-41BF-8259-6E47FA9C639D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{67D2B1EA-9ED5-4AAF-815C-B2360F67727B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A1E1981F-338B-41B2-BB79-AE04D626C7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A7A6ED89-E08A-48A5-9790-2D16C1BEC3FB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AA6FBF78-1126-4C87-A05F-BF488DD8C31A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1B3163E-3BAA-4F6E-8056-9246AD1A3AD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3341AB0-1AC0-4C6C-A157-3B9A81CCD9E3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D87CB6E4-061D-4E2D-90F1-2FEFE4F78DB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EDF93686-C880-49F2-86AE-870EE948137C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EB649F-D586-484D-B8BD-347F3417B753}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{02DFCA5B-D9F9-4125-A4E4-A45E9764C9BD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{08CB4460-041B-4209-8C23-4E758F47E249}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{103A4F5A-C494-4521-AC1D-3E4520409066}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{17AFBAC3-E5CE-48F6-9707-5E348C95E97B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{38978B77-6A40-4343-A60C-ABEBA3374F2E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{3C32FF9E-8BBE-4C8F-A549-9248B5BC49E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{52BF2F69-F413-4866-9ADA-7A170E15A724}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{53181BAE-06DB-4F85-B797-5B9BF2CDAF07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55D5172D-4CBC-4C1D-A89D-7865307CBA60}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{5896B118-DB3A-46BC-91ED-93896AEB9A4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5C1656A7-3BCC-4805-8815-636B05562F3D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F2A3DB2-59FE-4BD3-BA20-890EB56B8294}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{7150F168-6642-484E-A559-0643A4349766}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{7293E624-A7C5-4E8B-B00C-B19F6F745CB7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7401213F-79A1-482C-B5BB-893F4ED27123}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{9362A0FB-4749-4303-88C5-943261BC558B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{97D27C65-2663-46B1-BD37-7F18D186ED44}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9AC570A0-B9AE-443D-A441-022C43F456C6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9D84D6BB-CF69-418F-B496-6AAFAED25C52}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{AF512A4C-802D-44F4-8781-F64FF3D5FF8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D82C6A12-6A4A-4128-A070-6551CA27DE01}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{D8A62D45-5B60-46D5-9214-D660DFB9280F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{E739B607-CB84-4677-BD0C-E0AABC5490C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{25204E51-B6FB-4831-8CF5-E080D72BE83B}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"TCP Query User{BB1C9806-356A-41D9-B1B9-39FD4B3BA676}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{4A79CC0F-C7C9-444C-8A7A-049DAD62BA25}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"UDP Query User{988A7C0A-4CE1-44F8-BEC6-BFACA8F962E9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00E3E16A-EF37-6F18-2501-821AAB6903AB}" = ccc-core-static
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0299E902-A8ED-7748-4A47-8080C42436F2}" = Catalyst Control Center Core Implementation
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0D8189EB-8824-AA13-6A45-8201E3353AC8}" = CCC Help German
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14F47992-EF70-16D9-1DD6-8A240073CD82}" = ATI Catalyst Install Manager
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{165E861A-D87F-5BED-190E-8EBC4ECCE65E}" = Catalyst Control Center Graphics Light
"{17F8195F-91B9-35A7-E4B9-6E54C0B7B9B3}" = CCC Help Korean
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1EDDE5D9-7455-3159-41BE-1BC8C76B8950}" = CCC Help Spanish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{248BF282-92C4-4C53-09F4-454E81503277}" = Catalyst Control Center Localization Italian
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{28B52CF6-FC4D-38E7-2438-62EB527780FD}" = Catalyst Control Center Graphics Full Existing
"{29ADBAC3-97C3-1963-0F76-1687F73154D7}" = Catalyst Control Center Localization French
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E0993DB-99D1-3D3D-FDD8-757F7C44BB7F}" = CCC Help French
"{2E2F4CB9-70B3-B6BA-1241-BC53FE5BE5DA}" = Catalyst Control Center Localization Thai
"{31E6A959-22FA-51B9-4E5A-1E2D2C0C8F1E}" = CCC Help Hungarian
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{356181AD-C50C-394F-20D8-C6CB0A961589}" = Catalyst Control Center Localization Portuguese
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46B9C26B-4370-C68D-1743-4F13AC12B4CD}" = CCC Help Turkish
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{495B3F8D-06AA-216A-6159-C9EABA6B7D8E}" = CCC Help Chinese Traditional
"{4A074D34-1F3D-B98F-CFF9-B2794DA33871}" = Catalyst Control Center Localization Danish
"{4A790D47-EBBF-659B-96BD-46AF5D69730B}" = Catalyst Control Center Localization Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4FE475AA-C4CC-115A-1422-5DFB86FC806D}" = Catalyst Control Center Localization Hungarian
"{5463642B-44B3-34D3-E64E-0ACAA949BB5A}" = CCC Help Finnish
"{568457D9-A55B-D9BC-13EC-14C84E69BD86}" = Catalyst Control Center Graphics Full New
"{56A6F256-5323-4617-3AE8-45B28B559E37}" = CCC Help English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A3A36F-626E-8848-D9E0-41FCDC92FECA}" = CCC Help Portuguese
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{6788581C-ECDA-326B-EE71-F9BE4635355F}" = Catalyst Control Center Localization Korean
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6CE464DB-CD52-F4F9-FB58-BC934702A499}" = CCC Help Japanese
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7193B0D6-65E4-6FB1-EB23-E9CE6D611BDC}" = CCC Help Czech
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{7CB64BD2-0FB7-E037-6924-EA2B8BE44E7E}" = CCC Help Greek
"{7F6C2F96-3302-784E-BF0D-65D794E39BC2}" = Catalyst Control Center Localization Norwegian
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84EA9BEB-AFF7-06C6-60DF-608807EA7DF2}" = Catalyst Control Center Localization German
"{8550D6A8-0DBC-AC89-F12B-71167346845E}" = Catalyst Control Center Localization Dutch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2224A1-7C5F-170C-74B6-6EEF9F92FCC3}" = CCC Help Norwegian
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{963B65F9-89C7-48BB-8E40-E7583DEC7C8D}" = SonicStage Mastering Studio
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96E425D4-2DB1-6B29-0944-7DC78E9EEF81}" = Catalyst Control Center Localization Finnish
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9E332EEA-DCFC-424B-E499-0D35FFAD4D76}" = Catalyst Control Center Localization Greek
"{9F165569-C622-3F85-0F90-23CF9B0B7E50}" = Catalyst Control Center Localization Turkish
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A38F2A2D-F9AC-6303-A14D-DD2D77519627}" = Catalyst Control Center Localization Polish
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B07FD2DE-87AB-976B-9E7E-9CD9598D1188}" = CCC Help Italian
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B74686F4-939E-9D89-2C09-3B0FCB3C2B37}" = Catalyst Control Center Localization Japanese
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B982D59B-B732-C911-51F3-CC962F906573}" = ccc-utility
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFCBC9EC-8ECC-2E8F-85DF-9D02C3B6E8AD}" = CCC Help Thai
"{C1141112-2968-FB36-0DF7-9D61AE6A0DCF}" = CCC Help Chinese Standard
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9B56B00-7A33-378D-E64E-E044BE535A46}" = Catalyst Control Center Localization Chinese Standard
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D79FDDB3-D6DD-63CC-BA61-D5406F392979}" = Catalyst Control Center Localization Russian
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DA3C6D93-6EB8-BF5C-2C14-2B1A08284DBD}" = Catalyst Control Center Graphics Previews Vista
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DEFB9CA4-6242-B988-E263-CD102219F54F}" = Skins
"{DF02B276-8216-D2FC-1E3D-E6382F8F6D91}" = Catalyst Control Center Localization Swedish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E40EE28E-1009-B9B3-1E6B-635E878EAFF4}" = CCC Help Danish
"{E626EA97-DC4B-B9C2-5120-F826D00623D5}" = Catalyst Control Center Localization Spanish
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E8EF1266-1D1F-C2FB-1E98-2FB9E71B3C7C}" = Catalyst Control Center Graphics Previews Common
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED1273B9-C028-C97D-BBF4-B667AD1644AE}" = CCC Help Dutch
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FD0F66-34CF-4555-8B13-BCFC96F3864C}" = Branding
"{F2D89AED-46DA-3DAF-CE35-BEA81D3CCE4B}" = CCC Help Polish
"{F536B64C-FA0C-AAEE-AE89-E15B12E7C659}" = CCC Help Swedish
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F76F1E24-BFF9-9754-FDB4-595A7DFF8651}" = CCC Help Russian
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8ECA4D4-3CB6-3B1C-A20A-884D5744C0FF}" = Catalyst Control Center Localization Czech
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" = 
"Graboid Video" = Graboid Video 2.01
"gtfirstboot Setting Request" = 
"HijackThis" = HijackThis 2.0.2
"iDump" = iDump (Backing up your iPod)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"MarketingTools" = Vaio Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp (nur entfernen)
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.10.2012 09:55:24 | Computer Name = Vaio-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.10.2012 09:56:17 | Computer Name = Vaio-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.5.0.0, Zeitstempel
 0x4a5d2cf8, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6001.18538, Zeitstempel
 0x4cb733dc, Ausnahmecode 0xc0000135, Fehleroffset 0x00009cfc,  Prozess-ID 0xe70, 
Anwendungsstartzeit 01cdb381699f7061.
 
Error - 26.10.2012 10:01:35 | Computer Name = Vaio-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 26.10.2012 10:01:49 | Computer Name = Vaio-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.10.2012 09:39:21 | Computer Name = Vaio-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 28.10.2012 09:39:31 | Computer Name = Vaio-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.10.2012 09:46:46 | Computer Name = Vaio-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen
 mit den Statuscode 1. Der Computer muss neu gestartet werden.
 
Error - 28.10.2012 09:50:09 | Computer Name = Vaio-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 28.10.2012 09:50:51 | Computer Name = Vaio-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.10.2012 10:20:17 | Computer Name = Vaio-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 28.10.2012 10:20:29 | Computer Name = Vaio-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 24.08.2008 16:32:08 | Computer Name = Vaio-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 11.09.2009 09:44:28 | Computer Name = Vaio-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
Error - 13.10.2009 07:54:43 | Computer Name = Vaio-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---


Then there's the log from defogger:

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:36 on 28/10/2012 (Vaio)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
The one from aswMBR:

Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 15:37:13
-----------------------------
15:37:13.703 OS Version: Windows 6.0.6001 Service Pack 1
15:37:13.703 Number of processors: 2 586 0x1706
15:37:13.703 ComputerName: VAIO-PC UserName: Vaio
15:37:43.171 Initialize success
15:40:15.271 AVAST engine defs: 12102800
15:40:21.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:40:21.184 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
15:40:21.262 Disk 0 MBR read successfully
15:40:21.262 Disk 0 MBR scan
15:40:21.262 Disk 0 Windows VISTA default MBR code
15:40:21.277 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10262 MB offset 2048
15:40:21.293 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228211 MB offset 21020672
15:40:21.308 Disk 0 scanning sectors +488397168
15:40:21.620 Disk 0 scanning C:\Windows\system32\drivers
15:40:32.275 Service scanning
15:41:01.915 Modules scanning
15:41:06.845 Disk 0 trace - called modules:
15:41:06.876 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:41:06.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8544f4b0]
15:41:06.892 3 CLASSPNP.SYS[8a419745] -> nt!IofCallDriver -> [0x853298b0]
15:41:06.892 5 acpi.sys[806996a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x845418a8]
15:41:10.355 AVAST engine scan C:\Windows
15:41:14.426 AVAST engine scan C:\Windows\system32
15:45:25.867 AVAST engine scan C:\Windows\system32\drivers
15:45:39.049 AVAST engine scan C:\Users\Vaio
15:48:22.756 File: C:\Users\Vaio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP4MCBUS\about[1].exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:01:01.446 File: C:\Users\Vaio\AppData\Local\Temp\wpbt0.dll **INFECTED** Win32:Rootkit-gen [Rtk]
16:18:19.985 AVAST engine scan C:\ProgramData
16:25:52.042 Scan finished successfully
00:55:23.533 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
00:55:23.549 The log file has been saved successfully to "G:\aswMBR.txt"



Alt 29.10.2012, 09:57   #4
M-K-D-B
/// TB-Ausbilder
 
Hi,


Either you answer my questions, or we can skip the cleanup.
Why is Service Pack 2 for Windows Vista not installed?
Why did you run ComboFix without being told to?


Please also post the log file from TDSSKiller.

Alt 29.10.2012, 19:18   #5
crossit
 
Service Pack 2 is not installed because the PC doesn't actually belong to me and I'm only supposed to clean it up...
I had used ComboFix because I thought you would follow a similar thread, but then I learned that I shouldn't use ComboFix. Anyway, here is the TDSSKiller log:
Quote:
19:13:33.0690 0244 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:13:33.0784 0244 ============================================================
19:13:33.0784 0244 Current date / time: 2012/10/29 19:13:33.0784
19:13:33.0784 0244 SystemInfo:
19:13:33.0784 0244
19:13:33.0784 0244 OS Version: 6.0.6001 ServicePack: 1.0
19:13:33.0784 0244 Product type: Workstation
19:13:33.0784 0244 ComputerName: VAIO-PC
19:13:33.0784 0244 UserName: Vaio
19:13:33.0784 0244 Windows directory: C:\Windows
19:13:33.0784 0244 System windows directory: C:\Windows
19:13:33.0784 0244 Processor architecture: Intel x86
19:13:33.0784 0244 Number of processors: 2
19:13:33.0784 0244 Page size: 0x1000
19:13:33.0784 0244 Boot type: Safe boot with network
19:13:33.0784 0244 ============================================================
19:13:35.0250 0244 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:13:35.0250 0244 ============================================================
19:13:35.0250 0244 \Device\Harddisk0\DR0:
19:13:35.0266 0244 MBR partitions:
19:13:35.0266 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140C000, BlocksNum 0x1BDB9970
19:13:35.0266 0244 ============================================================
19:13:35.0312 0244 C: <-> \Device\Harddisk0\DR0\Partition1
19:13:35.0312 0244 ============================================================
19:13:35.0312 0244 Initialize success
19:13:35.0312 0244 ============================================================
19:13:39.0478 1996 ============================================================
19:13:39.0478 1996 Scan started
19:13:39.0478 1996 Mode: Manual;
19:13:39.0478 1996 ============================================================
19:13:39.0992 1996 ================ Scan system memory ========================
19:13:39.0992 1996 System memory - ok
19:13:39.0992 1996 ================ Scan services =============================
19:13:40.0164 1996 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
19:13:40.0164 1996 ACPI - ok
19:13:40.0242 1996 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
19:13:40.0242 1996 AdobeActiveFileMonitor6.0 - ok
19:13:40.0320 1996 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:13:40.0320 1996 AdobeFlashPlayerUpdateSvc - ok
19:13:40.0398 1996 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:13:40.0398 1996 adp94xx - ok
19:13:40.0429 1996 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:13:40.0429 1996 adpahci - ok
19:13:40.0445 1996 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:13:40.0445 1996 adpu160m - ok
19:13:40.0476 1996 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:13:40.0476 1996 adpu320 - ok
19:13:40.0523 1996 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:13:40.0523 1996 AeLookupSvc - ok
19:13:40.0585 1996 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
19:13:40.0585 1996 AFD - ok
19:13:40.0616 1996 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:13:40.0616 1996 agp440 - ok
19:13:40.0648 1996 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:13:40.0648 1996 aic78xx - ok
19:13:40.0663 1996 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:13:40.0663 1996 ALG - ok
19:13:40.0679 1996 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:13:40.0679 1996 aliide - ok
19:13:40.0694 1996 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:13:40.0694 1996 amdagp - ok
19:13:40.0710 1996 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:13:40.0710 1996 amdide - ok
19:13:40.0741 1996 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:13:40.0741 1996 AmdK7 - ok
19:13:40.0757 1996 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:13:40.0757 1996 AmdK8 - ok
19:13:40.0835 1996 [ 9015BC03F62940527EC92D45EE89E46F ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:13:40.0835 1996 AntiVirSchedulerService - ok
19:13:40.0882 1996 [ B8720A787C1223492E6F319465E996CE ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:13:40.0882 1996 AntiVirService - ok
19:13:40.0913 1996 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:13:40.0913 1996 Appinfo - ok
19:13:41.0022 1996 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:41.0022 1996 Apple Mobile Device - ok
19:13:41.0084 1996 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:13:41.0084 1996 arc - ok
19:13:41.0100 1996 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:13:41.0116 1996 arcsas - ok
19:13:50.0320 1996 SiSRaid2 - ok
19:13:50.0335 1996 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:13:50.0335 1996 SiSRaid4 - ok
19:13:50.0413 1996 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:13:50.0413 1996 SkypeUpdate - ok
19:13:50.0507 1996 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:13:50.0522 1996 slsvc - ok
19:13:50.0554 1996 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:13:50.0554 1996 SLUINotify - ok
19:13:50.0569 1996 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:13:50.0569 1996 Smb - ok
19:13:50.0600 1996 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:13:50.0600 1996 SNMPTRAP - ok
19:13:50.0663 1996 [ D07F3C6FE13D291A5C27E2D2E8EC7F52 ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
19:13:50.0663 1996 SOHCImp - ok
19:13:50.0710 1996 [ E507433FC0237B9FFCB6F97235E8C47D ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
19:13:50.0710 1996 SOHDms - ok
19:13:50.0725 1996 [ E674417F83C45679CD9C804D77E485A3 ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
19:13:50.0725 1996 SOHDs - ok
19:13:50.0756 1996 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:13:50.0756 1996 spldr - ok
19:13:50.0819 1996 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:13:50.0819 1996 Spooler - ok
19:13:50.0850 1996 [ CF7532B3D8061F3D0A9C6478850DABD4 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
19:13:50.0850 1996 SPTISRV - ok
19:13:50.0912 1996 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:13:50.0912 1996 srv - ok
19:13:50.0975 1996 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:13:50.0975 1996 srv2 - ok
19:13:51.0037 1996 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:13:51.0037 1996 srvnet - ok
19:13:51.0068 1996 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:13:51.0084 1996 SSDPSRV - ok
19:13:51.0100 1996 [ 5EC550B8952882EE856B862CF648522D ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:13:51.0100 1996 ssmdrv - ok
19:13:51.0146 1996 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:13:51.0146 1996 SstpSvc - ok
19:13:51.0178 1996 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:13:51.0178 1996 stisvc - ok
19:13:51.0193 1996 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:13:51.0193 1996 swenum - ok
19:13:51.0209 1996 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:13:51.0224 1996 swprv - ok
19:13:51.0240 1996 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:13:51.0240 1996 Symc8xx - ok
19:13:51.0256 1996 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:13:51.0256 1996 Sym_hi - ok
19:13:51.0271 1996 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:13:51.0271 1996 Sym_u3 - ok
19:13:51.0334 1996 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:13:51.0334 1996 SynTP - ok
19:13:51.0349 1996 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:13:51.0349 1996 SysMain - ok
19:13:51.0380 1996 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:13:51.0380 1996 TabletInputService - ok
19:13:51.0412 1996 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:13:51.0412 1996 TapiSrv - ok
19:13:51.0427 1996 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:13:51.0427 1996 TBS - ok
19:13:51.0521 1996 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:13:51.0521 1996 Tcpip - ok
19:13:51.0536 1996 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:13:51.0536 1996 Tcpip6 - ok
19:13:51.0583 1996 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:13:51.0583 1996 tcpipreg - ok
19:13:51.0599 1996 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:13:51.0599 1996 TDPIPE - ok
19:13:51.0614 1996 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:13:51.0614 1996 TDTCP - ok
19:13:51.0630 1996 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:13:51.0630 1996 tdx - ok
19:13:51.0661 1996 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:13:51.0661 1996 TermDD - ok
19:13:51.0692 1996 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:13:51.0708 1996 TermService - ok
19:13:51.0724 1996 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:13:51.0724 1996 Themes - ok
19:13:51.0755 1996 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:13:51.0755 1996 THREADORDER - ok
19:13:51.0802 1996 [ 030F439AC1CCDA7AC6CE01CC02102045 ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
19:13:51.0802 1996 ti21sony - ok
19:13:51.0848 1996 [ A59F3BBE6BD3C20F8FFB0B62CFF54CC6 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
19:13:51.0848 1996 tifsfilter - ok
19:13:51.0895 1996 [ E30AF40BA4E54A6F4C2674B96E727605 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
19:13:51.0895 1996 timounter - ok
19:13:51.0926 1996 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:13:51.0926 1996 TrkWks - ok
19:13:51.0973 1996 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:13:51.0973 1996 TrustedInstaller - ok
19:13:51.0989 1996 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:51.0989 1996 tssecsrv - ok
19:13:52.0020 1996 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:13:52.0020 1996 tunmp - ok
19:13:52.0020 1996 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:13:52.0020 1996 tunnel - ok
19:13:52.0051 1996 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:13:52.0051 1996 uagp35 - ok
19:13:52.0114 1996 [ 3D7B66D3B25DFBDE7B96114E2D8EF2B3 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
19:13:52.0114 1996 uCamMonitor - ok
19:13:52.0129 1996 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:13:52.0129 1996 udfs - ok
19:13:52.0160 1996 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:13:52.0160 1996 UI0Detect - ok
19:13:52.0192 1996 UIUSys - ok
19:13:52.0207 1996 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:13:52.0207 1996 uliagpkx - ok
19:13:52.0223 1996 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:13:52.0223 1996 uliahci - ok
19:13:52.0238 1996 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:13:52.0238 1996 UlSata - ok
19:13:52.0254 1996 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:13:52.0254 1996 ulsata2 - ok
19:13:52.0270 1996 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:13:52.0285 1996 umbus - ok
19:13:52.0285 1996 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:13:52.0301 1996 upnphost - ok
19:13:52.0379 1996 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:13:52.0379 1996 USBAAPL - ok
19:13:52.0410 1996 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:52.0410 1996 usbccgp - ok
19:13:52.0426 1996 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:13:52.0426 1996 usbcir - ok
19:13:52.0441 1996 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:13:52.0441 1996 usbehci - ok
19:13:52.0472 1996 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:13:52.0472 1996 usbhub - ok
19:13:52.0488 1996 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:13:52.0488 1996 usbohci - ok
19:13:52.0550 1996 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:13:52.0550 1996 usbprint - ok
19:13:52.0613 1996 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:13:52.0613 1996 usbscan - ok
19:13:52.0644 1996 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:52.0644 1996 USBSTOR - ok
19:13:52.0660 1996 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:52.0660 1996 usbuhci - ok
19:13:52.0675 1996 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:13:52.0675 1996 usbvideo - ok
19:13:52.0738 1996 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:13:52.0738 1996 UxSms - ok
19:13:52.0831 1996 [ D6E6BD77F4BEDD695553D5EA1FFDFCDD ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
19:13:52.0831 1996 VAIO Entertainment TV Device Arbitration Service - ok
19:13:52.0878 1996 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
19:13:52.0878 1996 VAIO Event Service - ok
19:13:52.0925 1996 [ 9D1DD772DEC13B0DA3289A4B266B0767 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
19:13:52.0925 1996 VcmIAlzMgr - ok
19:13:52.0972 1996 [ C44A507B71EB90E8299D2AF8FB05AE5B ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
19:13:52.0972 1996 VcmXmlIfHelper - ok
19:13:52.0987 1996 Vcsw - ok
19:13:53.0018 1996 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:13:53.0018 1996 vds - ok
19:13:53.0050 1996 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:53.0050 1996 vga - ok
19:13:53.0081 1996 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:13:53.0081 1996 VgaSave - ok
19:13:53.0112 1996 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:13:53.0112 1996 viaagp - ok
19:13:53.0128 1996 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:13:53.0128 1996 ViaC7 - ok
19:13:53.0143 1996 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:13:53.0143 1996 viaide - ok
19:13:53.0268 1996 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
19:13:53.0268 1996 Viewpoint Manager Service - ok
19:13:53.0284 1996 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:13:53.0284 1996 volmgr - ok
19:13:53.0299 1996 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:13:53.0299 1996 volmgrx - ok
19:13:53.0299 1996 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:13:53.0315 1996 volsnap - ok
19:13:53.0346 1996 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:13:53.0346 1996 vsmraid - ok
19:13:53.0408 1996 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:13:53.0408 1996 VSS - ok
19:13:53.0471 1996 [ 0E2357BF1E70E17EFB13D08FCE74FCBC ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
19:13:53.0471 1996 VzCdbSvc - ok
19:13:53.0502 1996 [ 99BCBD7F13779AE06944776A8D4BB5C3 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
19:13:53.0502 1996 VzFw - ok
19:13:53.0518 1996 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:13:53.0518 1996 W32Time - ok
19:13:53.0564 1996 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:13:53.0564 1996 WacomPen - ok
19:13:53.0596 1996 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:13:53.0596 1996 Wanarp - ok
19:13:53.0596 1996 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:13:53.0596 1996 Wanarpv6 - ok
19:13:53.0627 1996 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:13:53.0642 1996 wcncsvc - ok
19:13:53.0642 1996 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:13:53.0642 1996 WcsPlugInService - ok
19:13:53.0658 1996 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:13:53.0658 1996 Wd - ok
19:13:53.0689 1996 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:13:53.0689 1996 Wdf01000 - ok
19:13:53.0736 1996 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:13:53.0736 1996 WdiServiceHost - ok
19:13:53.0736 1996 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:13:53.0736 1996 WdiSystemHost - ok
19:13:53.0783 1996 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:13:53.0783 1996 WebClient - ok
19:13:53.0845 1996 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:13:53.0845 1996 Wecsvc - ok
19:13:53.0861 1996 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:13:53.0861 1996 wercplsupport - ok
19:13:53.0923 1996 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:13:53.0923 1996 WerSvc - ok
19:13:53.0970 1996 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:13:53.0970 1996 WimFltr - ok
19:13:54.0001 1996 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:13:54.0017 1996 winachsf - ok
19:13:54.0064 1996 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:13:54.0079 1996 WinDefend - ok
19:13:54.0079 1996 WinHttpAutoProxySvc - ok
19:13:54.0126 1996 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:13:54.0142 1996 Winmgmt - ok
19:13:54.0204 1996 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:13:54.0220 1996 WinRM - ok
19:13:54.0282 1996 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:13:54.0282 1996 Wlansvc - ok
19:13:54.0313 1996 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:13:54.0313 1996 WmiAcpi - ok
19:13:54.0360 1996 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:13:54.0360 1996 wmiApSrv - ok
19:13:54.0422 1996 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:13:54.0438 1996 WMPNetworkSvc - ok
19:13:54.0469 1996 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:13:54.0469 1996 WPCSvc - ok
19:13:54.0469 1996 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:13:54.0485 1996 WPDBusEnum - ok
19:13:54.0563 1996 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:13:54.0563 1996 WpdUsb - ok
19:13:54.0719 1996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:13:54.0719 1996 WPFFontCache_v0400 - ok
19:13:54.0766 1996 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:13:54.0766 1996 ws2ifsl - ok
19:13:54.0781 1996 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
19:13:54.0797 1996 wscsvc - ok
19:13:54.0797 1996 WSearch - ok
19:13:54.0906 1996 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:13:54.0922 1996 wuauserv - ok
19:13:54.0937 1996 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:54.0937 1996 WUDFRd - ok
19:13:54.0968 1996 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:13:54.0968 1996 wudfsvc - ok
19:13:54.0984 1996 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:13:54.0984 1996 XAudio - ok
19:13:55.0031 1996 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:13:55.0031 1996 XAudioService - ok
19:13:55.0031 1996 ================ Scan global ===============================
19:13:55.0046 1996 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:13:55.0109 1996 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:13:55.0124 1996 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:13:55.0156 1996 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:13:55.0171 1996 [Global] - ok
19:13:55.0171 1996 ================ Scan MBR ==================================
19:13:55.0187 1996 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:13:55.0374 1996 \Device\Harddisk0\DR0 - ok
19:13:55.0374 1996 ================ Scan VBR ==================================
19:13:55.0374 1996 [ 7F3126ACEB8CDB185FA08FB03FEF8415 ] \Device\Harddisk0\DR0\Partition1
19:13:55.0374 1996 \Device\Harddisk0\DR0\Partition1 - ok
19:13:55.0374 1996 ============================================================
19:13:55.0374 1996 Scan finished
19:13:55.0374 1996 ============================================================
19:13:55.0374 1504 Detected object count: 0
19:13:55.0374 1504 Actual detected object count: 0


Old 29.10.2012, 19:39   #6
M-K-D-B
/// TB-Ausbilder

Hi,

since you are already using ComboFix, please also post the associated log file right away:
C:\ComboFix.txt

Thanks.

Old 31.10.2012, 18:12   #7
crossit

Unfortunately I can't get a log because I can't turn off the antivirus stuff :S Doesn't it work without that? Regards

Old 31.10.2012, 19:59   #8
M-K-D-B
/// TB-Ausbilder

Hi,

you can disable Antivir via the umbrella icon at the bottom right of the taskbar (right-click it -> select Stop Guard).

Then carry out the following step:

ComboFix should only be run when a team member has instructed you to do so!
Delete the existing ComboFix.exe from your desktop and download the program again from the following download mirror:

Link 1

IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Old 02.11.2012, 23:22   #9
crossit

Hey,
I tried to create the log file, but unfortunately it doesn't work... The PC starts searching for infected files, but then a black screen appears and that's it... It no longer responds :S

Old 03.11.2012, 11:05   #10
M-K-D-B
/// TB-Ausbilder

Hi,

then we'll run ComboFix in Safe Mode with Networking.

Step 1
Start your computer in Safe Mode with Networking according to these instructions.

Step 2
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys and copy the following into the Run line
Code:
"%userprofile%\Desktop\Combofix.exe" /killall

Confirm with OK. ComboFix starts automatically.
Please post C:\Combofix.txt here in your thread.

Please post with your next reply
  • the ComboFix log file.

Old 05.11.2012, 11:01   #11
crossit

Following your instructions I can start ComboFix normally, but it doesn't really scan... I waited 1 hour and then my screen went black

Old 05.11.2012, 18:13   #12
M-K-D-B
/// TB-Ausbilder

Hi,

OK, then we'll do it differently now.

Start your computer in Safe Mode with Networking again and run OTL there.

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000..\Run: [MSServer] rundll32.exe C:\Users\Vaio\AppData\Local\Temp\mlJAsPhF.dll,#1 File not found
O4 - Startup: C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
[2012.10.11 22:20:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.26 14:57:17 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.11 22:20:56 | 000,000,754 | ---- | C] () -- C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

:commands
[Emptytemp]
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Report whether you can boot into normal mode again afterwards!
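The O4 entries in the fix script above show two persistence tricks worth recognising on any OTL report: a well-known Windows binary name (lsass.exe) living outside its real home and launched through a shortcut named after a different system program (ctfmon), and rundll32 loading a DLL out of a user's Temp directory. The following triage script is an added example for this thread, not part of the original post and not code from OTL or the board. It assumes a small hypothetical allow-list of where those Windows binaries belong; the sample lines are reconstructed from the script above plus one constructed benign control line that must not be flagged.

```python
"""Triage OTL-style persistence lines for masquerading system binaries and
temp-directory loaders (added example, not OTL's own code)."""
import re
from typing import Dict, List

# Hypothetical allow-list for this example: the only directories in which these
# Windows binaries legitimately live (lower-case, trailing backslash). Build the
# real list from a known-good image of the same Windows version.
SYSTEM_BINARY_HOMES = {
    "lsass.exe": ("c:\\windows\\system32\\",),
    "ctfmon.exe": ("c:\\windows\\system32\\",),
    "rundll32.exe": ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"),
}

# OTL line shapes as they appear in the fix script: O4 Run value, O4 Startup
# shortcut, and a created/modified file entry whose parenthesised vendor string
# OTL reads from the binary's version resource.
RUN_LINE = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: File not found)?$")
STARTUP_LINE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<target>.+?)(?: \((?P<vendor>[^)]*)\))?$")
FILE_LINE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| [^|]+ \| [CM]\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)
# First argument of rundll32, up to the ",EntryPoint" suffix (no quoted paths with commas here).
RUNDLL = re.compile(r'rundll32\.exe"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


def _norm(path: str) -> str:
    return path.strip().replace("/", "\\").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def _dirname(path: str) -> str:
    p = _norm(path)
    return p.rsplit("\\", 1)[0] + "\\" if "\\" in p else ""


def check_path(path: str, vendor: str = "") -> List[str]:
    """Rules applied to one on-disk path plus the vendor string OTL prints next to it."""
    reasons: List[str] = []
    name, home = _basename(path), _dirname(path)
    allowed = SYSTEM_BINARY_HOMES.get(name)
    if allowed is not None and home not in allowed:
        reasons.append(f"system binary name {name!r} outside its expected directory")
    if "\\temp\\" in home:
        reasons.append("code loaded from a temp directory")
    if vendor.lower().startswith("microsoft") and not home.startswith("c:\\windows\\"):
        reasons.append(f"claims vendor {vendor!r} but is not under C:\\Windows")
    return reasons


def triage(lines) -> List[Dict[str, str]]:
    """Walk OTL-style lines and return one finding per (source, path, reason)."""
    findings: List[Dict[str, str]] = []

    def add(source: str, path: str, reasons: List[str]) -> None:
        for r in reasons:
            findings.append({"source": source, "path": path, "reason": r})

    for raw in lines:
        line = raw.strip()
        if m := RUN_LINE.match(line):
            # Only the rundll32 loader pattern is modelled; other Run commands pass through.
            if d := RUNDLL.search(m["cmd"]):
                add(f"Run:{m['name']}", d["dll"], check_path(d["dll"]))
        elif m := STARTUP_LINE.match(line):
            target, vendor = m["target"], m["vendor"] or ""
            reasons = check_path(target, vendor)
            lnk_stem = _basename(m["lnk"]).rsplit(".", 1)[0]
            if lnk_stem != _basename(target).rsplit(".", 1)[0]:
                reasons.append(f"shortcut {lnk_stem!r} points at a differently named binary")
            add(f"Startup:{_basename(m['lnk'])}", target, reasons)
        elif m := FILE_LINE.match(line):
            add("File", m["path"], check_path(m["path"], m["vendor"]))
    return findings


# Constructed sample: the four persistence lines from the fix script above plus a
# benign control shortcut that points at the real ctfmon.exe and must not be flagged.
SAMPLE_OTL_LINES = [
    r"O4 - HKU\S-1-5-21-3638178994-2510745473-2292205814-1000..\Run: [MSServer] rundll32.exe C:\Users\Vaio\AppData\Local\Temp\mlJAsPhF.dll,#1 File not found",
    r"O4 - Startup: C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)",
    r"[2012.10.11 22:20:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe",
    r"[2012.10.26 14:57:17 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad",
    r"O4 - Startup: C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\Windows\System32\ctfmon.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f['source']:<22} {f['path']}\n    -> {f['reason']}")
```

The vendor rule is the one that catches this sample's C:\ProgramData\lsass.exe even without the allow-list: a file whose version resource says "Microsoft Corporation" but which sits outside C:\Windows is worth a look on its own, and a shortcut whose name does not match its target is a cheap second signal. Neither rule proves infection; both just rank lines for a human to verify.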

Old 05.11.2012, 20:02   #13
crossit

okay here's the scan
Quote:
All processes killed
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3638178994-2510745473-2292205814-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
File move failed. C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
File C:\ProgramData\lsass.exe not found.
C:\ProgramData\0tbpw.pad moved successfully.
File C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 157 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop

User: Links

User: Public

User: Vaio
->Temp folder emptied: 202300 bytes
->Temporary Internet Files folder emptied: 280704374 bytes
->Apple Safari cache emptied: 178338816 bytes
->Flash cache emptied: 55777 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 618 bytes

Total Files Cleaned = 438,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_195356
This is what additionally appeared after I started it in normal mode...
Quote:

Files\Folders moved on Reboot...
File\Folder C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

06.11.2012, 15:44   #14
M-K-D-B
/// TB-Ausbilder

Servus,

does normal mode work again now?

10.11.2012, 11:45   #15
M-K-D-B
/// TB-Ausbilder

No response
This thread was removed from my subscriptions, so I no longer receive notifications of new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
