Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: weißer bildschirm beim rechnerstart

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.01.2013, 04:37   #1
metaldarts
 
weißer bildschirm beim rechnerstart - Standard

weißer bildschirm beim rechnerstart



hallo euch allen hier im board,

ich bin neu hier und hoffe, dass ihr mir helfen könnt und bedanke mich schonmal im vorraus, da ich bis jetzt nur positives über dieses forum gehört und gelesen habe und daher hoffe das ihr auch für mein problem eine lösung findet.

als ich heute nach der arbeit den rechner wieder hochfahren wollte, hab ich kurz meinen desktop gesehen und dann kam der berüchtigte weiße bildschirm.

gruß metaldarts

ps: inhalt der logs steht in den nächsten 2 antworten

Alt 15.01.2013, 04:43   #2
metaldarts
 
weißer bildschirm beim rechnerstart - Standard

weißer bildschirm beim rechnerstart



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.01.2013 02:14:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 62,45% Memory free
6,59 Gb Paging File | 4,55 Gb Available in Paging File | 69,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,58 Gb Total Space | 183,66 Gb Free Space | 63,87% Space Free | Partition Type: NTFS
 
Computer Name: CINDY-VAIO | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 02:12:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Downloads\OTL.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.09.16 13:19:02 | 001,053,848 | ---- | M] () -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
PRC - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.06.20 20:47:18 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2010.06.18 06:07:12 | 000,423,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2010.06.01 02:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.06.01 02:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.05.31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 18:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.28 21:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.28 21:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2013.01.14 21:50:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 21:08:50 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.16 13:19:02 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.06.21 17:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.06.20 20:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.06.20 20:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.06.18 06:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.06.09 14:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.06.08 22:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.08 16:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.06.01 02:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 21:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.28 21:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.08 16:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.14 23:26:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.14 20:35:38 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.13 12:26:26 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.13 12:25:45 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.13 12:25:45 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.13 12:25:42 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.07 16:53:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.07.07 16:53:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.05 17:00:38 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.10 08:26:40 | 000,137,728 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.26 10:19:38 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.26 10:16:50 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.24 21:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.06.23 21:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 21:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 21:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 21:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 21:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 21:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 21:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 22:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.05.31 22:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 22:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.28 21:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 21:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.04.21 15:40:20 | 000,124,416 | ---- | M] (Wireless Device) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmnsusbser.sys -- (tmnsusbser)
DRV:64bit: - [2010.04.20 07:08:46 | 000,129,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmusbnet.sys -- (tmusbnet)
DRV:64bit: - [2010.03.04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.21 16:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.01.19 19:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.02.11 19:13:10 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1A637F39-357D-41E6-867C-9141E21085F6}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{2E8F76D9-A835-49C3-B032-23A14862C720}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_deDE409
IE - HKCU\..\SearchScopes\{8F3E2C01-E017-4AFA-910E-837210572316}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 21:50:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 21:50:13 | 000,000,000 | ---D | M]
 
[2012.06.16 15:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\mozilla\Extensions
[2012.10.26 20:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\3wukbtox.default\extensions
[2013.01.14 21:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.14 21:50:02 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.01.14 21:50:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.14 21:50:13 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.20 21:03:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Glow = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\
CHR - Extension: 8 Ball Pool = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof\3.0.0_0\
CHR - Extension: YouTube = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Poolbillard = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: Google-Suche = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Egg Snatch = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnfdfjnajgdmhbnphmnlcllehkpkong\1.5.0_0\
CHR - Extension: Poppit = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: ICQ Sparberater = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.4.9_0\
CHR - Extension: 4shared.com = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\noebaifjopccondbkcieccphcpijhdne\2.3.18.20_0\
CHR - Extension: MondoCuisto - Eine Schneckenfarm = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcbbmgpbacggkkondcdkikpcgocgmki\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager firma\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE8025B-1720-4652-BDD9-EBAC0EAE9070}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D5E2C5B-41C9-4832-B170-B956472A8A1B}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B525EFE0-794F-4767-9C01-7F43B2CB3278}: NameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8AB449-A88B-420F-9B67-64B9AC47EA7E}: NameServer = 10.129.32.1 10.74.83.22
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\vmp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\vmp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f47f758-fef5-11e0-b23e-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{0f47f758-fef5-11e0-b23e-5442496e5bc8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0f47f76f-fef5-11e0-b23e-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{0f47f76f-fef5-11e0-b23e-5442496e5bc8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2cfbb2fd-8da4-11e0-adc9-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{2cfbb2fd-8da4-11e0-adc9-001e101f4da1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4507bbe5-e80b-11e1-8ce3-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{4507bbe5-e80b-11e1-8ce3-5442496e5bc8}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{6aaaaec2-b5f0-11e0-9507-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{6aaaaec2-b5f0-11e0-9507-5442496e5bc8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{861af0d3-bd12-11e0-b091-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{861af0d3-bd12-11e0-b091-5442496e5bc8}\Shell\AutoRun\command - "" = D:\.\autorun.exe
O33 - MountPoints2\{958b31dc-1ff1-11e0-8746-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{958b31dc-1ff1-11e0-8746-5442496e5bc8}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{decb6f93-863d-11e0-a515-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{decb6f93-863d-11e0-a515-5442496e5bc8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{decb6f9f-863d-11e0-a515-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{decb6f9f-863d-11e0-a515-5442496e5bc8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{fda928f0-7063-11e1-8f30-5442496e5bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{fda928f0-7063-11e1-8f30-5442496e5bc8}\Shell\AutoRun\command - "" = D:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 01:27:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Malwarebytes
[2013.01.15 01:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 01:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 01:26:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.15 01:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.15 01:26:34 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Programs
[2013.01.14 23:58:40 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.14 21:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 12:25:41 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2013.01.04 18:20:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.12.28 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Canon Easy-PhotoPrint EX
[2012.12.28 15:57:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2012.12.28 15:57:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2012.12.28 15:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series Benutzerregistrierung
[2012.12.28 15:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series
[2012.12.28 15:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2012.12.28 15:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012.12.28 15:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2012.12.28 15:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.12.28 15:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series Manual
[2012.12.28 15:42:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.28 15:42:28 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.12.28 15:40:50 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 02:12:28 | 000,000,000 | ---- | M] () -- C:\Users\Cindy\defogger_reenable
[2013.01.15 02:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.15 02:04:39 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 02:04:39 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 02:03:23 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.15 02:03:23 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.15 02:03:23 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.15 02:03:23 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.15 02:03:23 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.15 01:57:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 01:57:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 01:56:58 | 2653,503,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 01:34:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 01:26:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 01:17:21 | 000,000,004 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\skype.ini
[2013.01.15 01:13:16 | 000,517,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.15 00:48:50 | 000,946,195 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.15 00:48:50 | 000,051,013 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.14 23:58:40 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.14 23:26:36 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.14 22:37:37 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.01.14 20:35:38 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.13 12:26:26 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.13 12:25:45 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.13 12:25:45 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.13 12:25:42 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.10 20:48:31 | 000,129,953 | ---- | M] () -- C:\test.xml
[2013.01.04 17:58:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.12.28 15:46:44 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012.12.28 15:43:40 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5100 series Online-Handbuch.lnk
[2012.12.23 18:44:18 | 000,108,112 | ---- | M] () -- C:\Users\Cindy\Documents\__www.corel.com_corel_paintproX5.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 02:12:28 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\defogger_reenable
[2013.01.15 01:26:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 01:13:03 | 000,517,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 22:37:37 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.01.14 22:19:41 | 000,000,004 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\skype.ini
[2012.12.28 15:46:44 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012.12.28 15:43:40 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5100 series Online-Handbuch.lnk
[2012.12.28 15:42:19 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL
[2012.12.28 15:42:19 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL
[2012.12.28 12:31:44 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.12.23 18:44:16 | 000,108,112 | ---- | C] () -- C:\Users\Cindy\Documents\__www.corel.com_corel_paintproX5.pdf
[2012.10.14 10:01:27 | 000,003,584 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.11 09:50:49 | 000,076,528 | ---- | C] () -- C:\Users\Cindy\AppData\Local\recently-used.xbel
[2012.09.16 13:19:02 | 001,053,848 | ---- | C] () -- C:\Windows\SysWow64\ieconfig_1und1_svc.exe
[2012.06.08 14:33:17 | 000,084,015 | ---- | C] () -- C:\Users\Cindy\ESt2011_Gebhardt_Cindy.elfo
[2011.10.07 10:13:03 | 000,946,195 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.09.19 08:51:08 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.08.17 17:51:10 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\{AC40098D-42AA-4F54-82A0-758D4D48AD38}
[2011.07.08 15:48:14 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.29 16:17:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.22 18:03:24 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\TX32.DLL
[2011.01.22 18:03:24 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\IC32.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.05 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\1&1
[2011.08.13 19:18:13 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\2monkeys
[2011.07.13 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Amazon
[2012.10.10 12:35:55 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Canon
[2012.12.01 20:55:22 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.06.08 13:53:09 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\elsterformular
[2011.07.08 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\FriendsGamesNetwork
[2011.09.25 19:42:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\funkitron
[2012.01.21 13:30:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\gtk-2.0
[2011.12.19 12:13:39 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Hephaestus
[2012.02.10 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ICQ
[2011.08.12 10:17:38 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\iMaxGen
[2010.12.12 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\InternetManager_Z
[2012.05.06 13:44:44 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\IrfanView
[2012.05.20 21:09:14 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\OpenOffice.org
[2011.05.29 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Opera
[2011.12.20 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\PlayFirst
[2011.01.04 17:35:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Playrix Entertainment
[2011.01.22 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ProtectDisc
[2012.07.13 02:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SoftGrid Client
[2011.08.01 17:08:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SPORE
[2011.08.10 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\streamWriter
[2011.05.25 18:12:55 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\T-Mobile
[2011.08.18 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\T-Mobile Internet Manager
[2010.12.11 18:22:54 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TP
[2012.11.25 11:31:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TuneUp Software
[2012.10.11 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ulead Systems
[2011.02.09 21:33:54 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ViquaSoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:28DB0DC4
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9DA44E6B
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:30E0D641
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:8DD36B71
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:F43B7E8F
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:76466F4C
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:A1D3FEF0
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:0F8EA19A
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:E5DE9C8F
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:AC0528D9
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:CA99FD89
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:B12D1A7D
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:663B62CA
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:43D34EF3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:F35AE645
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:4F96D8E6
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:708BB0FA
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:5CE2502D
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:ADDDF689
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:71FA8B7F
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:880F0FEF
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:293ADB24
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D667795F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5A15BCD4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E222F217
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:58A2C544
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:628C9914
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ECC979BD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:561568A4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:79112E1D

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2013 02:14:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,30 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 62,45% Memory free
6,59 Gb Paging File | 4,55 Gb Available in Paging File | 69,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,58 Gb Total Space | 183,66 Gb Free Space | 63,87% Space Free | Partition Type: NTFS
 
Computer Name: CINDY-VAIO | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [Snapfish Fotobuch] -- "C:\Program Files (x86)\Snapfish\Snapfish Fotobuch\Snapfish Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [Snapfish Fotobuch] -- "C:\Program Files (x86)\Snapfish\Snapfish Fotobuch\Snapfish Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{358D90E7-30CB-4A76-A07B-2B04BB286DB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3F38F337-B875-47A6-8B27-5AF1E4524595}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5BA19E0F-4E3A-4793-9B9F-19B6FD8DC3AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C46A571-69C7-4F3E-8728-14B1C809CA6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D9A4E34-87C6-4BEA-AA41-5EE0AD4CAA51}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6135DA51-0119-4202-9551-1DCE5661E65B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77FF86C6-0EFB-4920-AC03-958A067921CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E14F1EB-F32D-48E6-8166-6BD257D24807}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A4A62EB5-F34D-4D99-B5B1-2FBD00066F97}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A50C53F7-6115-4F93-8C50-4247E5046016}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BF9E6C24-61A2-436F-9752-9BCFD2D08412}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E946B175-C5C1-4050-83B1-70F5BF22EE1F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F2F59137-DA70-4DED-A136-E4DEE597C291}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A8BAFD-7DEB-42DC-8480-21FE3AD088AD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{0F0E23C2-1341-4870-A984-6C8EEFA9008F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1AF16DAB-5CB5-476A-A625-45D4CE18ADD2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1BF06D37-509F-4CE4-8EA8-85A41904D941}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{23081AFD-B11E-4D27-B2C8-00667315503E}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | 
"{23A3CAF7-24D9-4D81-8D77-5FF424E2D6F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{45F48F6E-F9EE-4F3C-85F9-5EB4015B819C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{58311E5E-FD55-41F7-AA4D-49758F97FFC5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63E4FA4B-047C-4864-B973-4B08679D9DEF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{66C88231-0209-4546-943D-5BAFA20EDEB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6D025FB8-813A-4222-9727-D8FDF24601F0}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe | 
"{6F61832D-0A22-4D63-82C5-976A5F6EAA0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7ADAF930-B3C6-4A6A-8EE0-E84670A57C73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B6FD927-5160-4EEA-A23D-D224FBED2BEC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{7F478057-6E37-41A1-BC5C-556065B5EA96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8C1A229B-ABAB-4FCC-BAE4-5309A45E1BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{94C506A0-6CEA-46AD-AA43-00972E922141}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{976047A4-AC02-492C-BEAA-ED3DBC6E296A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{988B8BA2-1358-4434-8727-0B1CF1F5B0EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A5C66509-AC45-48B8-B8A0-29C2958C345B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A9A57427-D5E7-4772-9A6B-7D47A2BCCA3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{AA8CFE94-63B4-4749-8C00-5A1F2BF4D2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C2DA2238-19A3-4228-B076-A61F01032697}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{C93326E8-9399-4651-897E-BEB374A0439D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{E1D4F07B-0E48-4302-BAA2-B6CE3B2F761F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1E6301D-49F7-47E9-9A20-695ABAABC4E5}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | 
"{E5445DA8-BDFE-4C5B-987B-AB0BAF4264FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{E998D3F9-AB1C-473E-9613-8754E9C2FEDC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EF27D84B-15E0-4C4A-B72F-197661CF5BA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7BE8332-420C-45C0-A9C5-AE8FA68FC7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.80
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{924306A0-2C14-4F4E-8201-0B0791DA10B4}_is1" = Cradle of Persia
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Mobile WLAN-Router
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{C491CA52-B4DA-2753-5B4F-0CC9F1C89E6C}" = myphotobook.de
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"1&1 EasyLogin" = 1&1 EasyLogin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audio 180%" = Audio 180%
"BFG-1 Pinguin 100 Faelle" = 1 Pinguin 100 Fälle
"BFG-Alice Greenfingers 2" = Alice Greenfingers 2
"BFG-Atlantis" = Atlantis
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol
"BFG-Avalon Legends Solitaire" = Avalon Legends Solitaire
"BFG-Be Rich" = Be Rich
"BFG-Bubble Odyssey" = Bubble Odyssey
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFGC" = Big Fish Games: Game Manager
"BFG-Das Smaragd-Riff" = Das Smaragd-Riff
"BFG-Diner Dash" = Diner Dash
"BFG-Diner Dash 2 Restaurant Rescue" = Diner Dash 2 Restaurant Rescue
"BFG-Diner Dash 5 - Boom Sammleredition" = Diner Dash 5: Boom Sammleredition
"BFG-Emerald Tale" = Emerald Tale
"BFG-Farm Frenzy - Frische Fische" = Farm Frenzy: Frische Fische
"BFG-Farm Frenzy - Helden der Wikinger" = Farm Frenzy: Helden der Wikinger
"BFG-Farm Frenzy 2" = Farm Frenzy 2
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Farm Frenzy 3 - American Pie" = Farm Frenzy 3: American Pie
"BFG-Farm Frenzy 3 - Ice Age" = Farm Frenzy 3: Ice Age
"BFG-Farm Frenzy 3 - Russisches Roulette" = Farm Frenzy 3: Russisches Roulette
"BFG-Farm Frenzy Pizza Party" = Farm Frenzy Pizza Party
"BFG-Farmscapes" = Farmscapes
"BFG-Gardenscapes" = Gardenscapes
"BFG-Go-Go Gourmet" = Go-Go Gourmet
"BFG-Hotel Giant 2" = Hotel Giant 2
"BFG-Jewelleria" = Jewelleria
"BFG-Luxor 2" = Luxor 2
"BFG-Miriel The Magical Merchant" = Miriel The Magical Merchant
"BFG-Penguins` Journey" = Penguins` Journey
"BFG-Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"BFG-Ranch Rush" = Ranch Rush
"BFG-Ranch Rush 2 - Sara's Island Experiment" = Ranch Rush 2: Sara's Island Experiment
"BFG-Shop-n-Spree" = Shop-n-Spree
"BFG-Wonderburg" = Wonderburg
"BFG-Zoo Empire" = Zoo Empire
"BFG-Zuma Deluxe" = Zuma Deluxe
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Corel Applications" = Corel Applications
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Digital Editions" = Adobe Digital Editions
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"fotokasten comfort_is1" = fotokasten comfort 5.0
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"IrfanView" = IrfanView (remove only)
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OnlineFotoservice" = OnlineFotoservice
"Opera 12.11.1661" = Opera 12.11
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Plants vs. Zombies" = Plants vs. Zombies
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop it Up!" = Shop it Up!
"Snapfish Fotobuch" = Snapfish Fotobuch
"splashtop" = Quick Web Access
"streamWriter_is1" = streamWriter
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSBoxGO 1.0.0.0" = XSBoxGO 1.0.0.0
"Zeitungs-Druckerei_is1" = DATA BECKER Zeitungs-Druckerei
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BA786D68-3AD8-42DC-8BE1-9E09B4737A27}_is1" = Vistaprint Fotobücher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 07:20:10 | Computer Name = Cindy-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Bytemobile Boot Time Load Driver.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 25.11.2012 07:20:10 | Computer Name = Cindy-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Bytemobile Kernel Network Provider.  System Error: Das System kann die angegebene 
Datei nicht finden.  .
 
Error - 25.11.2012 08:31:24 | Computer Name = Cindy-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.11.2012 08:37:17 | Computer Name = Cindy-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Bytemobile Boot Time Load Driver.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 25.11.2012 08:37:17 | Computer Name = Cindy-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Bytemobile Kernel Network Provider.  System Error: Das System kann die angegebene 
Datei nicht finden.  .
 
Error - 25.11.2012 11:00:52 | Computer Name = Cindy-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 25.11.2012 19:31:42 | Computer Name = Cindy-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.11.2012 18:28:32 | Computer Name = Cindy-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 29.11.2012 19:49:25 | Computer Name = Cindy-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.12.2012 08:01:35 | Computer Name = Cindy-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 14.01.2013 21:27:28 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:27:28 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:30:01 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:30:01 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:30:01 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:30:01 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:30:01 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Content Folder Watcher" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:32:28 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:32:28 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 21:32:28 | Computer Name = Cindy-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment Common Service" ist vom Dienst "Remotedesktopdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---
__________________


Alt 15.01.2013, 04:46   #3
metaldarts
 
weißer bildschirm beim rechnerstart - Standard

weißer bildschirm beim rechnerstart



GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 03:39:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Cindy\AppData\Local\Temp\fgtyqpob.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[2060] C:\Windows\SysWOW64\wsock32.dll!recv + 82 00000000730b17fa 2 bytes [0B, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[2060] C:\Windows\SysWOW64\wsock32.dll!recvfrom + 88 00000000730b1860 2 bytes [0B, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[2060] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 98 00000000730b1942 2 bytes [0B, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[2060] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 109 00000000730b194d 2 bytes [0B, 73]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076421401 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076421419 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076421431 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007642144a 2 bytes [42, 76]
.text ... * 9
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764214dd 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764214f5 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007642150d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076421525 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007642153d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076421555 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007642156d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076421585 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007642159d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764215b5 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764215cd 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764216b2 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764216bd 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076421401 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076421419 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076421431 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007642144a 2 bytes [42, 76]
.text ... * 9
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764214dd 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764214f5 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007642150d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076421525 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007642153d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076421555 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007642156d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076421585 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007642159d 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764215b5 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764215cd 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764216b2 2 bytes [42, 76]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764216bd 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076421401 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076421419 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076421431 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007642144a 2 bytes [42, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764214dd 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764214f5 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007642150d 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076421525 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007642153d 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076421555 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007642156d 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076421585 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007642159d 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764215b5 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764215cd 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764216b2 2 bytes [42, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764216bd 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076421401 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076421419 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076421431 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007642144a 2 bytes [42, 76]
.text ... * 9
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764214dd 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764214f5 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007642150d 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076421525 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007642153d 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076421555 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007642156d 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076421585 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007642159d 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764215b5 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764215cd 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764216b2 2 bytes [42, 76]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764216bd 2 bytes [42, 76]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4720] 000000001004afd0
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4456] 000000001004ae90
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4484] 0000000010059c40
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4512] 0000000010059c40
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4496] 000000001005d512
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4524] 000000007293345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824:4808] 000000007293345e
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1904] 0000000072fbc71a
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1908] 0000000072fbc71a
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1912] 0000000072fbc71a
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1916] 0000000072fbc71a
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1920] 0000000072fbc71a
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:1992] 0000000072f052c9
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732:4228] 0000000074761a8f
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [824] 00000000752b0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1732] 0000000074b00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [1800] 0000000076620000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [5116] 0000000074b60000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\c44619cae25b (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9452EAB6-0A4F-447A-B767-FC15522A754F}\Connection@Name isatap.{7B96B545-4764-490A-8187-2ED61101964B}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619cae25b
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9452EAB6-0A4F-447A-B767-FC15522A754F}@InterfaceName isatap.{7B96B545-4764-490A-8187-2ED61101964B}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9452EAB6-0A4F-447A-B767-FC15522A754F}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\c44619cae25b (not active ControlSet)

---- EOF - GMER 2.0 ----
__________________

Antwort

Themen zu weißer bildschirm beim rechnerstart
arbeit, bildschirm, board, desktop, forum, heute, hochfahren, hoffe, lösung, neu, problem, rechner, rechners, rechnerstart, schonmal, weiße, weißer, weißer bildschirm




Ähnliche Themen: weißer bildschirm beim rechnerstart


  1. Weißer Bildschirm beim Start von Windows 7
    Log-Analyse und Auswertung - 12.06.2020 (13)
  2. Weißer Bildschirm beim Internetsurfen
    Plagegeister aller Art und deren Bekämpfung - 21.11.2015 (11)
  3. weißer Bildschirm beim Starten
    Plagegeister aller Art und deren Bekämpfung - 28.10.2014 (3)
  4. Weißer Bildschirm beim Start
    Plagegeister aller Art und deren Bekämpfung - 27.10.2014 (2)
  5. Weißer Bildschirm beim Starten und
    Log-Analyse und Auswertung - 04.08.2014 (15)
  6. Weißer Bildschirm Beim Windows Start
    Plagegeister aller Art und deren Bekämpfung - 21.10.2013 (6)
  7. Weißer Bildschirm beim Systemstart
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (7)
  8. Beim booten weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (9)
  9. Weißer Bildschirm beim Start von Windows 7
    Log-Analyse und Auswertung - 21.06.2013 (10)
  10. Weißer Bildschirm beim Hochfahren Windows 7
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (14)
  11. weißer bildschirm beim start
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (17)
  12. Weißer Bildschirm beim Start von Windows
    Log-Analyse und Auswertung - 07.10.2012 (6)
  13. Weißer Bildschirm beim Starten
    Log-Analyse und Auswertung - 12.09.2012 (12)
  14. Weißer Bildschirm beim Windows-7-Start
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (5)
  15. Weißer Bildschirm beim Verbinden mit Netzwerk/Internet
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (4)
  16. Blauer Bildschirm beim booten von USB (Bekämpfung d."Weißer Bildschirm-please wait")
    Log-Analyse und Auswertung - 08.07.2012 (6)
  17. Weißer Bildschirm beim Starten
    Plagegeister aller Art und deren Bekämpfung - 17.04.2012 (7)

Zum Thema weißer bildschirm beim rechnerstart - hallo euch allen hier im board, ich bin neu hier und hoffe, dass ihr mir helfen könnt und bedanke mich schonmal im vorraus, da ich bis jetzt nur positives über - weißer bildschirm beim rechnerstart...
Archiv
Du betrachtest: weißer bildschirm beim rechnerstart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.