Avira-Echtzeitscanner findet Maleware

Johanna20 · 09.05.2013, 20:37

Hallo liebes Team,

im Avira-Ereignisprotokoll finde ich heute folgende Meldung:

Code:

ATTFilter

Exportierte Ereignisse:

09.05.2013 14:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\IU0IT5ZG\ca[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

09.05.2013 14:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\IU0IT5ZG\crossdomain[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

09.05.2013 14:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\IU0IT5ZG\ca[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

09.05.2013 14:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\IU0IT5ZG\crossdomain[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Ein Rootkitscan mit Avira ergab ein verstecktes Objekt:

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 9. Mai 2013  20:25


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Microsoft Windows XP
Windowsversion : (Service Pack 3)  [5.1.2600]
Boot Modus     : Normal gebootet
Benutzername   : Gast 3
Computername   : VAIO

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640          Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  07.05.2013 17:28:09
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  28.11.2012 14:09:15
LUKE.DLL       : 13.6.0.1262    65080 Bytes  07.05.2013 17:28:40
AVSCPLR.DLL    : 13.6.0.1262    92216 Bytes  07.05.2013 17:28:09
AVREG.DLL      : 13.6.0.1262   247864 Bytes  07.05.2013 17:28:08
avlode.dll     : 13.6.2.1262   432184 Bytes  07.05.2013 17:28:07
avlode.rdf     : 13.0.0.46      15591 Bytes  28.03.2013 14:26:11
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 11:43:35
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 12:30:36
VBASE002.VDF   : 7.11.74.227     2048 Bytes  30.04.2013 12:30:36
VBASE003.VDF   : 7.11.74.228     2048 Bytes  30.04.2013 12:30:36
VBASE004.VDF   : 7.11.74.229     2048 Bytes  30.04.2013 12:30:36
VBASE005.VDF   : 7.11.74.230     2048 Bytes  30.04.2013 12:30:36
VBASE006.VDF   : 7.11.74.231     2048 Bytes  30.04.2013 12:30:36
VBASE007.VDF   : 7.11.74.232     2048 Bytes  30.04.2013 12:30:36
VBASE008.VDF   : 7.11.74.233     2048 Bytes  30.04.2013 12:30:36
VBASE009.VDF   : 7.11.74.234     2048 Bytes  30.04.2013 12:30:36
VBASE010.VDF   : 7.11.74.235     2048 Bytes  30.04.2013 12:30:37
VBASE011.VDF   : 7.11.74.236     2048 Bytes  30.04.2013 12:30:37
VBASE012.VDF   : 7.11.74.237     2048 Bytes  30.04.2013 12:30:37
VBASE013.VDF   : 7.11.74.238     2048 Bytes  30.04.2013 12:30:37
VBASE014.VDF   : 7.11.75.97    181248 Bytes  02.05.2013 10:31:44
VBASE015.VDF   : 7.11.75.183   217600 Bytes  03.05.2013 11:14:13
VBASE016.VDF   : 7.11.76.27    183808 Bytes  04.05.2013 13:57:27
VBASE017.VDF   : 7.11.76.101   194048 Bytes  06.05.2013 18:06:48
VBASE018.VDF   : 7.11.76.213   163328 Bytes  07.05.2013 22:39:32
VBASE019.VDF   : 7.11.77.41    134656 Bytes  08.05.2013 23:05:27
VBASE020.VDF   : 7.11.77.42      2048 Bytes  08.05.2013 23:05:28
VBASE021.VDF   : 7.11.77.43      2048 Bytes  08.05.2013 23:05:28
VBASE022.VDF   : 7.11.77.44      2048 Bytes  08.05.2013 23:05:28
VBASE023.VDF   : 7.11.77.45      2048 Bytes  08.05.2013 23:05:28
VBASE024.VDF   : 7.11.77.46      2048 Bytes  08.05.2013 23:05:28
VBASE025.VDF   : 7.11.77.47      2048 Bytes  08.05.2013 23:05:28
VBASE026.VDF   : 7.11.77.48      2048 Bytes  08.05.2013 23:05:28
VBASE027.VDF   : 7.11.77.49      2048 Bytes  08.05.2013 23:05:28
VBASE028.VDF   : 7.11.77.50      2048 Bytes  08.05.2013 23:05:28
VBASE029.VDF   : 7.11.77.51      2048 Bytes  08.05.2013 23:05:29
VBASE030.VDF   : 7.11.77.52      2048 Bytes  08.05.2013 23:05:29
VBASE031.VDF   : 7.11.77.112    91136 Bytes  09.05.2013 16:46:11
Engineversion  : 8.2.12.38 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL   : 8.1.4.112     483709 Bytes  08.05.2013 23:05:46
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 17:55:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 13:12:39
AEPACK.DLL     : 8.3.2.12      754040 Bytes  08.05.2013 23:05:45
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 17:58:13
AEHEUR.DLL     : 8.1.4.348    5890425 Bytes  08.05.2013 23:05:42
AEHELP.DLL     : 8.1.25.10     258425 Bytes  08.05.2013 23:05:31
AEGEN.DLL      : 8.1.7.4       442741 Bytes  08.05.2013 23:05:30
AEEXP.DLL      : 8.4.0.26      201078 Bytes  03.05.2013 11:14:27
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 18:18:03
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  12.02.2013 18:34:11
AVPREF.DLL     : 13.6.0.480     51056 Bytes  12.02.2013 18:34:24
AVREP.DLL      : 13.6.0.480    178544 Bytes  25.01.2013 08:25:03
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  07.05.2013 17:28:00
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  07.05.2013 17:28:05
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  25.01.2013 08:25:19
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  12.02.2013 18:34:26
NETNT.DLL      : 13.6.0.480     16240 Bytes  12.02.2013 18:35:08
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  28.11.2012 14:09:40
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  08.03.2013 13:58:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 9. Mai 2013  20:25

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\system32\tlntsvr.exe
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'SNDVOL32.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtHsp.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtHid.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosA2dp.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtMng.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'VAIOUpdt.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '104' Modul(e) wurden durchsucht


Ende des Suchlaufs: Donnerstag, 9. Mai 2013  20:39
Benötigte Zeit: 13:59 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   1011 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   1011 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 318780 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

Für eine evt. Systembereinigung bitte ich freundlichst um eure Hilfe.

Vielen Dank!

cosinus · 09.05.2013, 23:10

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Johanna20 · 10.05.2013, 18:28

Hallo Cosinus,

vielen Dank für deine schnelle Antwort und deine Hilfe.

OTL.Txt:

Code:

ATTFilter

OTL logfile created on: 10.05.2013 19:00:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,14% Memory free
3,85 Gb Paging File | 3,32 Gb Available in Paging File | 86,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,51 Gb Total Space | 50,94 Gb Free Space | 68,37% Space Free | Partition Type: NTFS
Drive D: | 66,61 Gb Total Space | 24,50 Gb Free Space | 36,77% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Join Air\AssistantServices.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 CD 28 BD 9E 4D CE 01  [binary data]
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
 
 
O1 HOSTS File: ([2013.03.12 21:07:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PrepareYourVAIO] C:\Programme\Sony\Prepare your VAIO\PYVAlert.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340059977391 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340059965048 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{188D77AD-BAE9-4C68-8B2C-EDE5171AD35C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.07.27 11:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.10 18:57:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.10 18:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2013.05.10 18:51:41 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.05.10 18:08:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.10 18:08:13 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 00:43:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2013.01.06 20:22:05 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2012.08.23 16:59:44 | 000,283,228 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.08.23 16:59:29 | 000,197,503 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.08.23 15:25:33 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.05.29 15:17:11 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.26 00:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2012.05.25 08:28:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.24 18:15:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.05.24 18:07:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.05.24 18:04:55 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2012.05.24 17:58:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.07.27 11:03:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL.Extras:

Code:

ATTFilter

OTL Extras logfile created on: 10.05.2013 19:00:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,14% Memory free
3,85 Gb Paging File | 3,32 Gb Available in Paging File | 86,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,51 Gb Total Space | 50,94 Gb Free Space | 68,37% Space Free | Partition Type: NTFS
Drive D: | 66,61 Gb Total Space | 24,50 Gb Free Space | 36,77% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.30
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.17.903
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Picasa 3" = Picasa 3
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Skype_is1" = Skype 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2013 12:49:55 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 24.04.2013 14:09:41 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 26.04.2013 05:37:38 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 26.04.2013 13:06:16 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 28.04.2013 07:14:43 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 02.05.2013 06:26:20 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 03.05.2013 19:37:49 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 05.05.2013 15:35:07 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 08.05.2013 18:59:39 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.05.2013 06:42:06 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 03.05.2013 19:37:52 | Computer Name = VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 04.05.2013 16:15:25 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 04.05.2013 16:15:25 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 04.05.2013 16:15:26 | Computer Name = VAIO | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 05.05.2013 15:35:07 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 05.05.2013 15:35:07 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 08.05.2013 18:59:52 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 08.05.2013 18:59:52 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 09.05.2013 06:42:06 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 09.05.2013 06:42:06 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >

cosinus · 10.05.2013, 19:42

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es eine Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Johanna20 · 10.05.2013, 20:54

Combofix:

Code:

ATTFilter

ComboFix 13-05-10.03 - xxx 10.05.2013  21:09:43.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1425 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-10 bis 2013-05-10  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 22:32 . 2012-05-25 08:19	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-09 22:32 . 2012-05-25 08:19	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 20:56 . 2013-03-19 20:57	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 20:56 . 2013-03-19 20:57	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-03-19 20:56 . 2012-05-31 20:39	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-19 20:56 . 2012-05-31 20:39	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2006-07-27 01:49	293888	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 00:50	2031104	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2006-07-27 01:49	2152448	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-06 14:13 . 2012-12-20 14:53	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-02 01:57 . 2006-07-27 01:49	1867392	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 01:53 . 2006-07-27 01:49	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 01:53 . 2006-07-27 01:49	43520	------w-	c:\windows\system32\licmgr10.dll
2013-03-02 01:53 . 2006-07-27 01:49	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2006-07-27 01:48	385024	------w-	c:\windows\system32\html.iec
2013-02-27 11:22 . 2012-12-20 14:53	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-27 11:22 . 2012-12-20 14:53	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-27 07:56 . 2006-07-27 09:01	2067456	----a-w-	c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2012-05-24 17:39	12928	------w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-07-27 01:49	12928	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PrepareYourVAIO"="c:\programme\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 118784]
"VAIO Update 5"="c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe" [2012-01-17 1015912]
"UIExec"="c:\programme\Join Air\UIExec.exe" [2010-04-27 138072]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51	73728	----a-w-	c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 12:12	32768	----a-w-	c:\programme\Sony\ISB Utility\ISBMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\ICQ7M\\ICQ.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.12.2012 16:53 37352]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCORE.EXE [12.08.2011 01:38 116608]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.12.2012 16:53 86752]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Join Air\AssistantServices.exe [29.08.2012 21:16 247152]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [27.07.2006 03:50 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [27.07.2006 03:50 226304]
R3 VUAgent;VUAgent;c:\programme\Sony\VAIO Update Common\VUAgent.exe [13.01.2012 10:53 939624]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.08.2012 21:16 9216]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16.12.2011 16:19 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: RSS-Support-Site zu VAIO Information FLOW hinzufügen - c:\programme\Sony\VAIO Information FLOW\aiesc.html
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\programme\ICQ7M\ICQ.exe
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-10 21:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,d0,ea,f8,1d,e0,b3,42,bc,a4,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,d0,ea,f8,1d,e0,b3,42,bc,a4,47,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,d0,ea,f8,1d,e0,b3,42,bc,a4,47,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2013-05-10  21:24:04
ComboFix-quarantined-files.txt  2013-05-10 19:24
.
Vor Suchlauf: 9 Verzeichnis(se), 54.587.105.280 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 54.857.752.576 Bytes frei
.
- - End Of File - - 3CF631E07F69D4D88B8A81823B18D54D

cosinus · 10.05.2013, 21:54

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Johanna20 · 11.05.2013, 20:07

Hallo Cosinus,

hier die Logs:

Gmer:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-11 01:49:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHV2160BT_PL rev.0000004F 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\xxx~1\LOKALE~1\Temp\ugldypog.sys


---- System - GMER 2.1 ----

SSDT   BA6F6A14                                                                                                                                   ZwClose
SSDT   BA6F69CE                                                                                                                                   ZwCreateKey
SSDT   BA6F6A1E                                                                                                                                   ZwCreateSection
SSDT   BA6F69C4                                                                                                                                   ZwCreateThread
SSDT   BA6F69D3                                                                                                                                   ZwDeleteKey
SSDT   BA6F69DD                                                                                                                                   ZwDeleteValueKey
SSDT   BA6F6A0F                                                                                                                                   ZwDuplicateObject
SSDT   BA6F69E2                                                                                                                                   ZwLoadKey
SSDT   BA6F69B0                                                                                                                                   ZwOpenProcess
SSDT   BA6F69B5                                                                                                                                   ZwOpenThread
SSDT   BA6F6A37                                                                                                                                   ZwQueryValueKey
SSDT   BA6F69EC                                                                                                                                   ZwReplaceKey
SSDT   BA6F6A28                                                                                                                                   ZwRequestWaitReplyPort
SSDT   BA6F69E7                                                                                                                                   ZwRestoreKey
SSDT   BA6F6A23                                                                                                                                   ZwSetContextThread
SSDT   BA6F6A2D                                                                                                                                   ZwSetSecurityObject
SSDT   BA6F69D8                                                                                                                                   ZwSetValueKey
SSDT   BA6F6A32                                                                                                                                   ZwSystemDebugControl
SSDT   BA6F69BF                                                                                                                                   ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                   section is writeable [0xB910B360, 0x22144D, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52C5174E411704F49A511C59D1D45702\Usage@DefaultFeature  1118506510

---- EOF - GMER 2.1 ----

MBAR:

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2145497088, free: 1566748672

------------ Kernel report ------------
     05/11/2013 11:22:43
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
SI3132.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
SiWinAcc.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
SiRemFil.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\w39n51.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\ti21sony.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\System32\Drivers\SonyNC.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvm321.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\System32\Drivers\USBCAMD2.SYS
\SystemRoot\system32\DRIVERS\SonyImgF.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\DMICall.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR6
Upper Device Object: 0xffffffff89ae9300
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009e\
Lower Device Object: 0xffffffff89ae73f0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89bde030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff8a4e7c70
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a602ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
Lower Device Object: 0xffffffff8a604940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.11.03
Downloaded database version: v2013.05.07.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a602ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a67ee08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a602ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6579e8, DeviceName: \Device\00000085\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a604940, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe156d830, 0xffffffff8a602ab8, 0xffffffff885a2910
Lower DeviceData: 0xffffffffe388b200, 0xffffffff8a604940, 0xffffffff8880dd60
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BF2354C3

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 16611147

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 16611210  Numsec = 156264255
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 172875465  Numsec = 139701240

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89bde030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89c05e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89bde030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4e7c70, DeviceName: \Device\00000095\, DriverName: \Driver\ti21sony\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff89ae9300, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a590a98, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89ae9300, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89ae73f0, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Programme\Gemeinsame Dateien\System\ado\MDACReadme.htm" is compressed (flags = 1)
Read File: File "c:\Programme\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Programme\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Channels anzeigen.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\Administrator\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Windows.Forms.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Installer\iProData\verfile.tic" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\al.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\default.disco" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_dataperfcounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_NetworkingPerfCounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1031\ConfigShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1031\WizardsShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2145497088, free: 1676169216

=======================================

cosinus · 12.05.2013, 20:50

Bitte die Anleitungen sorgfältiger lesen und umsetzen, du hast das falsche Log von MBAR gepostet

Johanna20 · 12.05.2013, 23:12

Hallo Cosinus,

sorry, bitte entschuldige meinen Fehler.

Mbar:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xxx :: VAIO [administrator]

11.05.2013 12:30:16
mbar-log-2013-05-11 (12-30-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27120
Time elapsed: 59 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Heute hatte ich leider eine weitere Meldung von Avira:

Code:

ATTFilter

Exportierte Ereignisse:

12.05.2013 22:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\2Q1ARVB7\ca[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

12.05.2013 22:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\P3H5W86U\crossdomain[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

12.05.2013 22:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\2Q1ARVB7\ca[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

12.05.2013 22:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Dokumente und Einstellungen\Gast 3\Lokale 
      Einstellungen\Temporary Internet Files\Content.IE5\P3H5W86U\crossdomain[1].htm'
      wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Für deine Mühe danke ich dir recht herzlich.

cosinus · 13.05.2013, 09:13

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Johanna20 · 13.05.2013, 20:15

aswMBR.text:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-13 19:24:38
-----------------------------
19:24:38.718    OS Version: Windows 5.1.2600 Service Pack 3
19:24:38.718    Number of processors: 2 586 0xF06
19:24:38.718    ComputerName: VAIO  UserName: 
19:24:40.765    Initialize success
19:31:08.468    AVAST engine defs: 13051300
19:35:55.421    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
19:35:55.421    Disk 0 Vendor: FUJITSU_MHV2160BT_PL 0000004F Size: 152627MB BusType: 3
19:35:55.421    Disk 1  \Device\Harddisk1\DR4 -> \Device\00000095
19:35:55.421    Disk 1 Vendor: (  Size: 152627MB BusType: 0
19:35:55.656    Disk 0 MBR read successfully
19:35:55.671    Disk 0 MBR scan
19:35:55.765    Disk 0 Windows XP default MBR code
19:35:55.781    Disk 0 Partition 1 00     12  Compaq diag NTFS         8110 MB offset 63
19:35:55.796    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76300 MB offset 16611210
19:35:55.796    Disk 0 Partition - 00     0F Extended LBA             68213 MB offset 172875465
19:35:55.828    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        68213 MB offset 172875528
19:35:55.843    Disk 0 scanning sectors +312576705
19:35:56.031    Disk 0 scanning C:\WINDOWS\system32\drivers
19:36:37.390    Service scanning
19:37:44.843    Modules scanning
19:38:09.937    Disk 0 trace - called modules:
19:38:10.000    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
19:38:10.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a67aab8]
19:38:10.000    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000085[0x8a67e9e8]
19:38:10.000    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a67dd98]
19:38:11.656    AVAST engine scan C:\WINDOWS
19:38:31.265    AVAST engine scan C:\WINDOWS\system32
19:50:35.734    AVAST engine scan C:\WINDOWS\system32\drivers
19:51:17.812    AVAST engine scan C:\Dokumente und Einstellungen\xxx
19:52:26.796    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:54:46.015    Scan finished successfully
20:01:03.937    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
20:01:03.937    The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"

TDSSKiller:

Code:

ATTFilter

20:38:26.0468 2768  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:38:26.0937 2768  ============================================================
20:38:26.0937 2768  Current date / time: 2013/05/13 20:38:26.0937
20:38:26.0937 2768  SystemInfo:
20:38:26.0937 2768  
20:38:26.0937 2768  OS Version: 5.1.2600 ServicePack: 3.0
20:38:26.0937 2768  Product type: Workstation
20:38:26.0937 2768  ComputerName: VAIO
20:38:26.0937 2768  UserName: xxx
20:38:26.0937 2768  Windows directory: C:\WINDOWS
20:38:26.0937 2768  System windows directory: C:\WINDOWS
20:38:26.0937 2768  Processor architecture: Intel x86
20:38:26.0937 2768  Number of processors: 2
20:38:26.0937 2768  Page size: 0x1000
20:38:26.0937 2768  Boot type: Normal boot
20:38:26.0937 2768  ============================================================
20:38:31.0093 2768  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:38:31.0093 2768  ============================================================
20:38:31.0093 2768  \Device\Harddisk0\DR0:
20:38:31.0093 2768  MBR partitions:
20:38:31.0093 2768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD778A, BlocksNum 0x950673F
20:38:31.0125 2768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA4DDF08, BlocksNum 0x853ABB9
20:38:31.0125 2768  ============================================================
20:38:31.0187 2768  C: <-> \Device\Harddisk0\DR0\Partition1
20:38:31.0234 2768  D: <-> \Device\Harddisk0\DR0\Partition2
20:38:31.0234 2768  ============================================================
20:38:31.0234 2768  Initialize success
20:38:31.0234 2768  ============================================================
20:40:58.0234 2112  ============================================================
20:40:58.0234 2112  Scan started
20:40:58.0234 2112  Mode: Manual; SigCheck; TDLFS; 
20:40:58.0234 2112  ============================================================
20:40:58.0656 2112  ================ Scan system memory ========================
20:40:58.0656 2112  System memory - ok
20:40:58.0656 2112  ================ Scan services =============================
20:40:58.0859 2112  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
20:41:00.0343 2112  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
20:41:00.0343 2112  !SASCORE - detected UnsignedFile.Multi.Generic (1)
20:41:00.0875 2112  Abiosdsk - ok
20:41:00.0875 2112  abp480n5 - ok
20:41:01.0031 2112  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:41:05.0312 2112  ACPI - ok
20:41:05.0359 2112  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:41:05.0500 2112  ACPIEC - ok
20:41:05.0640 2112  [ 2486C8E3F14496341E90CF2AB8BC82ED ] AdobeActiveFileMonitor4.0 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
20:41:05.0656 2112  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
20:41:05.0656 2112  AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
20:41:05.0671 2112  adpu160m - ok
20:41:05.0765 2112  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:41:06.0000 2112  aec - ok
20:41:06.0046 2112  [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:41:06.0062 2112  AegisP ( UnsignedFile.Multi.Generic ) - warning
20:41:06.0062 2112  AegisP - detected UnsignedFile.Multi.Generic (1)
20:41:06.0171 2112  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:41:06.0250 2112  AFD - ok
20:41:06.0250 2112  Aha154x - ok
20:41:06.0250 2112  aic78u2 - ok
20:41:06.0265 2112  aic78xx - ok
20:41:06.0296 2112  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:41:06.0437 2112  Alerter - ok
20:41:06.0500 2112  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
20:41:06.0578 2112  ALG - ok
20:41:06.0593 2112  AliIde - ok
20:41:06.0593 2112  amsint - ok
20:41:06.0765 2112  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:41:06.0781 2112  AntiVirSchedulerService - ok
20:41:06.0890 2112  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:41:06.0906 2112  AntiVirService - ok
20:41:07.0015 2112  [ B21FCBC58CB13BAC70F74B5AC5DA7409 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:41:07.0109 2112  ApfiltrService - ok
20:41:07.0234 2112  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:41:07.0375 2112  AppMgmt - ok
20:41:07.0468 2112  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:41:07.0625 2112  Arp1394 - ok
20:41:07.0625 2112  asc - ok
20:41:07.0625 2112  asc3350p - ok
20:41:07.0640 2112  asc3550 - ok
20:41:07.0796 2112  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:41:07.0843 2112  aspnet_state - ok
20:41:07.0890 2112  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:41:08.0031 2112  AsyncMac - ok
20:41:08.0109 2112  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:41:08.0218 2112  atapi - ok
20:41:08.0234 2112  Atdisk - ok
20:41:08.0296 2112  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:41:08.0437 2112  Atmarpc - ok
20:41:08.0500 2112  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:41:08.0625 2112  AudioSrv - ok
20:41:08.0671 2112  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:41:08.0781 2112  audstub - ok
20:41:08.0859 2112  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:41:08.0890 2112  avgntflt - ok
20:41:09.0000 2112  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:41:09.0031 2112  avipbb - ok
20:41:09.0062 2112  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:41:09.0093 2112  avkmgr - ok
20:41:09.0109 2112  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:41:09.0218 2112  Beep - ok
20:41:09.0437 2112  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:41:09.0906 2112  BITS - ok
20:41:09.0984 2112  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
20:41:10.0046 2112  Browser - ok
20:41:10.0171 2112  catchme - ok
20:41:10.0203 2112  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:41:10.0328 2112  cbidf2k - ok
20:41:10.0390 2112  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:41:10.0531 2112  CCDECODE - ok
20:41:10.0531 2112  cd20xrnt - ok
20:41:10.0578 2112  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:41:10.0703 2112  Cdaudio - ok
20:41:10.0750 2112  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:41:10.0906 2112  Cdfs - ok
20:41:10.0953 2112  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:41:11.0093 2112  Cdrom - ok
20:41:11.0093 2112  Changer - ok
20:41:11.0140 2112  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:41:11.0250 2112  CiSvc - ok
20:41:11.0281 2112  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:41:11.0406 2112  ClipSrv - ok
20:41:11.0500 2112  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:11.0609 2112  clr_optimization_v2.0.50727_32 - ok
20:41:11.0656 2112  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:41:11.0781 2112  CmBatt - ok
20:41:11.0781 2112  CmdIde - ok
20:41:11.0796 2112  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:41:11.0953 2112  Compbatt - ok
20:41:11.0953 2112  COMSysApp - ok
20:41:11.0984 2112  Cpqarray - ok
20:41:12.0062 2112  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:41:12.0156 2112  CryptSvc - ok
20:41:12.0171 2112  dac2w2k - ok
20:41:12.0171 2112  dac960nt - ok
20:41:12.0406 2112  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:41:12.0593 2112  DcomLaunch - ok
20:41:12.0671 2112  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:41:12.0796 2112  Dhcp - ok
20:41:12.0828 2112  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:41:12.0968 2112  Disk - ok
20:41:12.0984 2112  dmadmin - ok
20:41:13.0406 2112  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:41:14.0203 2112  dmboot - ok
20:41:14.0265 2112  [ 526192BF7696F72E29777BF4A180513A ] DMICall         C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:41:14.0375 2112  DMICall - ok
20:41:14.0484 2112  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:41:14.0687 2112  dmio - ok
20:41:14.0750 2112  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:41:14.0875 2112  dmload - ok
20:41:14.0937 2112  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:41:15.0062 2112  dmserver - ok
20:41:15.0125 2112  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:41:15.0281 2112  DMusic - ok
20:41:15.0359 2112  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:41:15.0437 2112  Dnscache - ok
20:41:15.0546 2112  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:41:15.0718 2112  Dot3svc - ok
20:41:15.0734 2112  dpti2o - ok
20:41:15.0734 2112  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:41:15.0875 2112  drmkaud - ok
20:41:16.0000 2112  [ D57A8FC800B501AC05B10D00F66D127A ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:41:16.0109 2112  E100B - ok
20:41:16.0218 2112  [ 389CF2CDED384BE477C3B3F15747D495 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:41:16.0343 2112  e1express - ok
20:41:16.0406 2112  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:41:16.0562 2112  EapHost - ok
20:41:16.0796 2112  [ B03BCD810A2EE089FA08E47B5200BE31 ] ehRecvr         C:\WINDOWS\eHome\ehRecvr.exe
20:41:16.0906 2112  ehRecvr - ok
20:41:16.0968 2112  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:41:17.0078 2112  ERSvc - ok
20:41:17.0171 2112  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
20:41:17.0218 2112  Eventlog - ok
20:41:17.0406 2112  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
20:41:17.0531 2112  EventSystem - ok
20:41:17.0656 2112  [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
20:41:17.0687 2112  EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:41:17.0687 2112  EvtEng - detected UnsignedFile.Multi.Generic (1)
20:41:17.0781 2112  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:41:18.0000 2112  Fastfat - ok
20:41:18.0109 2112  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:41:18.0203 2112  FastUserSwitchingCompatibility - ok
20:41:18.0234 2112  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
20:41:18.0359 2112  Fdc - ok
20:41:18.0390 2112  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:41:18.0515 2112  Fips - ok
20:41:18.0546 2112  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:41:18.0671 2112  Flpydisk - ok
20:41:18.0796 2112  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:41:19.0015 2112  FltMgr - ok
20:41:19.0109 2112  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:41:19.0140 2112  FontCache3.0.0.0 - ok
20:41:19.0171 2112  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:41:19.0312 2112  Fs_Rec - ok
20:41:19.0406 2112  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:41:19.0578 2112  Ftdisk - ok
20:41:19.0640 2112  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:41:19.0781 2112  Gpc - ok
20:41:19.0890 2112  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
20:41:19.0984 2112  gusvc - ok
20:41:20.0078 2112  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:41:20.0187 2112  HDAudBus - ok
20:41:20.0296 2112  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:41:20.0406 2112  helpsvc - ok
20:41:20.0421 2112  HidServ - ok
20:41:20.0453 2112  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:41:20.0562 2112  HidUsb - ok
20:41:20.0640 2112  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:41:20.0796 2112  hkmsvc - ok
20:41:20.0796 2112  hpn - ok
20:41:20.0953 2112  [ ACC46DDA7FECE95A253AE88CEA172E12 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:41:21.0109 2112  HSFHWAZL - ok
20:41:21.0671 2112  [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:41:23.0109 2112  HSF_DPV - ok
20:41:23.0312 2112  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:41:23.0390 2112  HTTP - ok
20:41:23.0437 2112  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:41:23.0546 2112  HTTPFilter - ok
20:41:23.0562 2112  i2omgmt - ok
20:41:23.0562 2112  i2omp - ok
20:41:23.0609 2112  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:41:23.0750 2112  i8042prt - ok
20:41:23.0875 2112  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:41:23.0937 2112  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:41:23.0937 2112  IDriverT - detected UnsignedFile.Multi.Generic (1)
20:41:24.0453 2112  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:41:25.0312 2112  idsvc - ok
20:41:25.0421 2112  [ A16DEDF58C40D8236578F0FBB520EA6D ] Image Converter video recording monitor for VAIO Entertainment C:\Programme\Sony\Image Converter 2\IcVzMon.exe
20:41:25.0468 2112  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
20:41:25.0468 2112  Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
20:41:25.0515 2112  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:41:25.0640 2112  Imapi - ok
20:41:25.0781 2112  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:41:25.0906 2112  ImapiService - ok
20:41:25.0906 2112  ini910u - ok
20:41:25.0921 2112  IntelIde - ok
20:41:25.0984 2112  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:41:26.0109 2112  intelppm - ok
20:41:26.0140 2112  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:41:26.0281 2112  Ip6Fw - ok
20:41:26.0328 2112  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:41:26.0468 2112  IpFilterDriver - ok
20:41:26.0515 2112  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:41:26.0656 2112  IpInIp - ok
20:41:26.0781 2112  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:41:26.0890 2112  IpNat - ok
20:41:26.0968 2112  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:41:27.0109 2112  IPSec - ok
20:41:27.0156 2112  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:41:27.0234 2112  IRENUM - ok
20:41:27.0265 2112  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:41:27.0406 2112  isapnp - ok
20:41:27.0609 2112  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
20:41:27.0625 2112  JavaQuickStarterService - ok
20:41:27.0656 2112  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:41:27.0765 2112  Kbdclass - ok
20:41:27.0875 2112  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:41:28.0078 2112  kmixer - ok
20:41:28.0140 2112  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:41:28.0203 2112  KSecDD - ok
20:41:28.0296 2112  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:41:28.0328 2112  lanmanserver - ok
20:41:28.0437 2112  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:41:28.0515 2112  lanmanworkstation - ok
20:41:28.0515 2112  lbrtfdc - ok
20:41:28.0562 2112  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:41:28.0671 2112  LmHosts - ok
20:41:28.0718 2112  [ 09721F2C56681A83C93ECDFAB8B102A9 ] massfilter      C:\WINDOWS\system32\drivers\massfilter.sys
20:41:28.0796 2112  massfilter - ok
20:41:28.0890 2112  [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
20:41:29.0078 2112  McrdSvc - ok
20:41:29.0140 2112  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:41:29.0203 2112  mdmxsdk - ok
20:41:29.0265 2112  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:41:29.0406 2112  Messenger - ok
20:41:29.0468 2112  [ DED60230E3019C508769EC3C15BCDA44 ] MHN             C:\WINDOWS\System32\mhn.dll
20:41:29.0578 2112  MHN ( UnsignedFile.Multi.Generic ) - warning
20:41:29.0578 2112  MHN - detected UnsignedFile.Multi.Generic (1)
20:41:29.0593 2112  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:41:29.0656 2112  MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:41:29.0656 2112  MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:41:29.0828 2112  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
20:41:29.0875 2112  Microsoft Office Groove Audit Service - ok
20:41:29.0906 2112  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:41:30.0046 2112  mnmdd - ok
20:41:30.0125 2112  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:41:30.0250 2112  mnmsrvc - ok
20:41:30.0312 2112  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:41:30.0437 2112  Modem - ok
20:41:30.0468 2112  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:41:30.0593 2112  Mouclass - ok
20:41:30.0640 2112  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:41:30.0750 2112  mouhid - ok
20:41:30.0796 2112  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:41:30.0953 2112  MountMgr - ok
20:41:30.0953 2112  mraid35x - ok
20:41:31.0046 2112  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:41:31.0265 2112  MRxDAV - ok
20:41:31.0546 2112  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:41:31.0718 2112  MRxSmb - ok
20:41:31.0921 2112  [ F1534ACA143CA86CD57672953754FAB0 ] MSCSPTISRV      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
20:41:31.0953 2112  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
20:41:31.0953 2112  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
20:41:32.0000 2112  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:41:32.0109 2112  MSDTC - ok
20:41:32.0140 2112  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:41:32.0265 2112  Msfs - ok
20:41:32.0265 2112  MSIServer - ok
20:41:32.0296 2112  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:41:32.0421 2112  MSKSSRV - ok
20:41:32.0453 2112  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:41:32.0546 2112  MSPCLOCK - ok
20:41:32.0562 2112  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:41:32.0687 2112  MSPQM - ok
20:41:32.0718 2112  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:41:32.0828 2112  mssmbios - ok
20:41:32.0859 2112  MSSQL$VAIO_VEDB - ok
20:41:32.0937 2112  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
20:41:33.0000 2112  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
20:41:33.0000 2112  MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
20:41:33.0046 2112  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:41:33.0156 2112  MSTEE - ok
20:41:33.0265 2112  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:41:33.0312 2112  Mup - ok
20:41:33.0390 2112  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:41:33.0531 2112  NABTSFEC - ok
20:41:33.0765 2112  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:41:34.0031 2112  napagent - ok
20:41:34.0156 2112  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:41:34.0375 2112  NDIS - ok
20:41:34.0406 2112  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:41:34.0515 2112  NdisIP - ok
20:41:34.0562 2112  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:41:34.0593 2112  NdisTapi - ok
20:41:34.0625 2112  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:41:34.0750 2112  Ndisuio - ok
20:41:34.0796 2112  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:41:35.0000 2112  NdisWan - ok
20:41:35.0046 2112  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:41:35.0109 2112  NDProxy - ok
20:41:35.0171 2112  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:41:35.0312 2112  NetBIOS - ok
20:41:35.0406 2112  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:41:35.0609 2112  NetBT - ok
20:41:35.0718 2112  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:41:35.0906 2112  NetDDE - ok
20:41:35.0968 2112  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:41:36.0171 2112  NetDDEdsdm - ok
20:41:36.0218 2112  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:41:36.0312 2112  Netlogon - ok
20:41:36.0468 2112  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
20:41:36.0578 2112  Netman - ok
20:41:36.0687 2112  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:41:36.0765 2112  NetTcpPortSharing - ok
20:41:36.0828 2112  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:41:36.0984 2112  NIC1394 - ok
20:41:37.0125 2112  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:41:37.0156 2112  Nla - ok
20:41:37.0218 2112  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:41:37.0343 2112  Npfs - ok
20:41:37.0640 2112  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:41:38.0203 2112  Ntfs - ok
20:41:38.0234 2112  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:41:38.0328 2112  NtLmSsp - ok
20:41:38.0593 2112  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:41:39.0078 2112  NtmsSvc - ok
20:41:39.0125 2112  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:41:39.0250 2112  Null - ok
20:41:41.0156 2112  [ 4F56E52F7CE6AC737ADB1BB2A1854592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:41:44.0781 2112  nv - ok
20:41:44.0906 2112  [ CAF1661B3A97BB8D47B60C7EB222C58A ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:41:44.0984 2112  NVSvc - ok
20:41:45.0015 2112  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:41:45.0140 2112  NwlnkFlt - ok
20:41:45.0171 2112  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:41:45.0312 2112  NwlnkFwd - ok
20:41:45.0625 2112  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:41:46.0015 2112  odserv - ok
20:41:46.0078 2112  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:41:46.0187 2112  ohci1394 - ok
20:41:46.0281 2112  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:41:46.0375 2112  ose - ok
20:41:46.0437 2112  [ 17BB6B38DE8C2BDA692CA1DB0CEA7325 ] PACSPTISVR      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
20:41:46.0453 2112  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
20:41:46.0453 2112  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
20:41:46.0515 2112  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
20:41:46.0687 2112  Parport - ok
20:41:46.0703 2112  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:41:46.0828 2112  PartMgr - ok
20:41:46.0890 2112  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:41:47.0031 2112  ParVdm - ok
20:41:47.0062 2112  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:41:47.0218 2112  PCI - ok
20:41:47.0234 2112  PCIDump - ok
20:41:47.0250 2112  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:41:47.0359 2112  PCIIde - ok
20:41:47.0421 2112  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:41:47.0609 2112  Pcmcia - ok
20:41:47.0609 2112  PDCOMP - ok
20:41:47.0609 2112  PDFRAME - ok
20:41:47.0625 2112  PDRELI - ok
20:41:47.0625 2112  PDRFRAME - ok
20:41:47.0625 2112  perc2 - ok
20:41:47.0656 2112  perc2hib - ok
20:41:47.0750 2112  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
20:41:47.0781 2112  PlugPlay - ok
20:41:47.0796 2112  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:41:47.0890 2112  PolicyAgent - ok
20:41:47.0937 2112  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:41:48.0062 2112  PptpMiniport - ok
20:41:48.0078 2112  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:41:48.0187 2112  ProtectedStorage - ok
20:41:48.0265 2112  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:41:48.0390 2112  PSched - ok
20:41:48.0468 2112  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf.sys
20:41:48.0500 2112  PSI - ok
20:41:48.0515 2112  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:41:48.0625 2112  Ptilink - ok
20:41:48.0687 2112  [ 0C8DA0A8B0D227319C285E0EAE65DEFD ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:41:48.0734 2112  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:41:48.0734 2112  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:41:48.0734 2112  ql1080 - ok
20:41:48.0750 2112  Ql10wnt - ok
20:41:48.0750 2112  ql12160 - ok
20:41:48.0750 2112  ql1240 - ok
20:41:48.0765 2112  ql1280 - ok
20:41:48.0812 2112  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:41:48.0921 2112  RasAcd - ok
20:41:49.0015 2112  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:41:49.0187 2112  RasAuto - ok
20:41:49.0250 2112  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:41:49.0390 2112  Rasl2tp - ok
20:41:49.0531 2112  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:41:49.0656 2112  RasMan - ok
20:41:49.0687 2112  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:41:49.0828 2112  RasPppoe - ok
20:41:49.0843 2112  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:41:49.0984 2112  Raspti - ok
20:41:50.0093 2112  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:41:50.0296 2112  Rdbss - ok
20:41:50.0312 2112  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:41:50.0421 2112  RDPCDD - ok
20:41:50.0546 2112  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:41:50.0750 2112  rdpdr - ok
20:41:50.0859 2112  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:41:50.0921 2112  RDPWD - ok
20:41:51.0046 2112  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:41:51.0234 2112  RDSessMgr - ok
20:41:51.0312 2112  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:41:51.0453 2112  redbook - ok
20:41:51.0578 2112  [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
20:41:51.0578 2112  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:41:51.0578 2112  RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:41:51.0640 2112  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:41:51.0796 2112  RemoteAccess - ok
20:41:51.0890 2112  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:41:52.0046 2112  RemoteRegistry - ok
20:41:52.0093 2112  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:41:52.0250 2112  RpcLocator - ok
20:41:52.0484 2112  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:41:52.0687 2112  RpcSs - ok
20:41:52.0796 2112  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:41:53.0000 2112  RSVP - ok
20:41:53.0296 2112  [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
20:41:53.0437 2112  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
20:41:53.0437 2112  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
20:41:53.0468 2112  [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:41:53.0484 2112  s24trans ( UnsignedFile.Multi.Generic ) - warning
20:41:53.0484 2112  s24trans - detected UnsignedFile.Multi.Generic (1)
20:41:53.0515 2112  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:41:53.0609 2112  SamSs - ok
20:41:53.0671 2112  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
20:41:53.0687 2112  SASDIFSV - ok
20:41:53.0734 2112  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
20:41:53.0750 2112  SASKUTIL - ok
20:41:53.0812 2112  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:41:54.0000 2112  SCardSvr - ok
20:41:54.0125 2112  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:41:54.0265 2112  Schedule - ok
20:41:54.0312 2112  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:41:54.0375 2112  Secdrv - ok
20:41:54.0406 2112  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:41:54.0531 2112  seclogon - ok
20:41:54.0562 2112  Secunia PSI Agent - ok
20:41:54.0562 2112  Secunia Update Agent - ok
20:41:54.0609 2112  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
20:41:54.0718 2112  SENS - ok
20:41:54.0781 2112  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
20:41:54.0937 2112  Serial - ok
20:41:54.0984 2112  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:41:55.0093 2112  Sfloppy - ok
20:41:55.0281 2112  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:41:55.0593 2112  SharedAccess - ok
20:41:55.0671 2112  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:41:55.0687 2112  ShellHWDetection - ok
20:41:55.0781 2112  [ 716A724A447C559F122EA140D636FA48 ] SI3132          C:\WINDOWS\system32\DRIVERS\SI3132.sys
20:41:55.0875 2112  SI3132 - ok
20:41:55.0890 2112  [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:41:55.0906 2112  SiFilter - ok
20:41:55.0906 2112  Simbad - ok
20:41:55.0921 2112  [ 62FD549ACF2943F89612A8777295FA57 ] SiRemFil        C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:41:55.0937 2112  SiRemFil - ok
20:41:55.0984 2112  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:41:56.0093 2112  SLIP - ok
20:41:56.0156 2112  [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC             C:\WINDOWS\system32\Drivers\SonyNC.sys
20:41:56.0187 2112  SNC - ok
20:41:56.0281 2112  [ C483FC0ADD8B074286600B9620EF2C16 ] SonyImgF        C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:41:56.0312 2112  SonyImgF ( UnsignedFile.Multi.Generic ) - warning
20:41:56.0312 2112  SonyImgF - detected UnsignedFile.Multi.Generic (1)
20:41:56.0312 2112  Sparrow - ok
20:41:56.0343 2112  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:41:56.0468 2112  splitter - ok
20:41:56.0546 2112  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:41:56.0609 2112  Spooler - ok
20:41:56.0687 2112  [ 3980B48DFF300A7E4139F5C64DA65F5C ] SPTISRV         C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
20:41:56.0765 2112  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
20:41:56.0765 2112  SPTISRV - detected UnsignedFile.Multi.Generic (1)
20:41:56.0765 2112  SQLAgent$VAIO_VEDB - ok
20:41:56.0812 2112  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:41:56.0906 2112  sr - ok
20:41:57.0093 2112  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:41:57.0218 2112  srservice - ok
20:41:57.0437 2112  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:41:57.0750 2112  Srv - ok
20:41:57.0796 2112  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:41:57.0859 2112  SSDPSRV - ok
20:41:57.0906 2112  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:41:57.0921 2112  ssmdrv - ok
20:41:58.0000 2112  [ 3DBADE5B4AA47C245A69E99D72B8E73B ] SSScsiSV        C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
20:41:58.0093 2112  SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
20:41:58.0093 2112  SSScsiSV - detected UnsignedFile.Multi.Generic (1)
20:41:58.0765 2112  [ 784B73BD9D1C0FBA6CA96E8976F4B0E6 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
20:41:59.0328 2112  STHDA - ok
20:41:59.0546 2112  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:41:59.0875 2112  stisvc - ok
20:41:59.0906 2112  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:42:00.0046 2112  streamip - ok
20:42:00.0078 2112  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:42:00.0187 2112  swenum - ok
20:42:00.0250 2112  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:42:00.0390 2112  swmidi - ok
20:42:00.0406 2112  SwPrv - ok
20:42:00.0406 2112  symc810 - ok
20:42:00.0406 2112  symc8xx - ok
20:42:00.0421 2112  sym_hi - ok
20:42:00.0421 2112  sym_u3 - ok
20:42:00.0484 2112  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:42:00.0609 2112  sysaudio - ok
20:42:00.0703 2112  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:42:00.0859 2112  SysmonLog - ok
20:42:01.0015 2112  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:42:01.0171 2112  TapiSrv - ok
20:42:01.0390 2112  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:42:01.0625 2112  Tcpip - ok
20:42:01.0671 2112  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:42:01.0796 2112  TDPIPE - ok
20:42:01.0828 2112  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:42:01.0984 2112  TDTCP - ok
20:42:02.0031 2112  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:42:02.0171 2112  TermDD - ok
20:42:02.0343 2112  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:42:02.0515 2112  TermService - ok
20:42:02.0593 2112  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:42:02.0609 2112  Themes - ok
20:42:02.0781 2112  [ 26587CE8E6C6F16B8B4E7E2C16FA00BF ] ti21sony        C:\WINDOWS\system32\drivers\ti21sony.sys
20:42:02.0843 2112  ti21sony - ok
20:42:02.0921 2112  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:42:03.0046 2112  TlntSvr - ok
20:42:03.0109 2112  [ E362D54FD394999C4178936396664E57 ] toshidpt        C:\WINDOWS\system32\drivers\Toshidpt.sys
20:42:03.0125 2112  toshidpt ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0125 2112  toshidpt - detected UnsignedFile.Multi.Generic (1)
20:42:03.0140 2112  TosIde - ok
20:42:03.0187 2112  [ D626E0AF9232D8799D3A449530F3C220 ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:42:03.0203 2112  tosporte ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0203 2112  tosporte - detected UnsignedFile.Multi.Generic (1)
20:42:03.0296 2112  [ 0EC5206059D97A8DC785BE73FB457EC7 ] Tosrfbd         C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:42:03.0359 2112  Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0359 2112  Tosrfbd - detected UnsignedFile.Multi.Generic (1)
20:42:03.0406 2112  [ 33498B8F0B2CA549C2B7FFC1B3C0F1BC ] Tosrfbnp        C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:42:03.0437 2112  Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0437 2112  Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
20:42:03.0484 2112  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:42:03.0546 2112  Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0546 2112  Tosrfcom - detected UnsignedFile.Multi.Generic (1)
20:42:03.0593 2112  [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid        C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:42:03.0640 2112  Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0640 2112  Tosrfhid - detected UnsignedFile.Multi.Generic (1)
20:42:03.0656 2112  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:42:03.0687 2112  tosrfnds ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0687 2112  tosrfnds - detected UnsignedFile.Multi.Generic (1)
20:42:03.0734 2112  [ 0D86D15CAFF2B3203C785D604EC7C942 ] TosRfSnd        C:\WINDOWS\system32\drivers\TosRfSnd.sys
20:42:03.0765 2112  TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0765 2112  TosRfSnd - detected UnsignedFile.Multi.Generic (1)
20:42:03.0796 2112  [ C582B7716F0BE7E65505365F4F941587 ] Tosrfusb        C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:42:03.0843 2112  Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
20:42:03.0843 2112  Tosrfusb - detected UnsignedFile.Multi.Generic (1)
20:42:03.0906 2112  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:42:04.0046 2112  TrkWks - ok
20:42:04.0109 2112  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:42:04.0234 2112  Udfs - ok
20:42:04.0421 2112  [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Programme\Join Air\AssistantServices.exe
20:42:04.0437 2112  UI Assistant Service - ok
20:42:04.0437 2112  ultra - ok
20:42:04.0687 2112  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:42:05.0187 2112  Update - ok
20:42:05.0296 2112  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:42:05.0484 2112  upnphost - ok
20:42:05.0515 2112  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
20:42:05.0656 2112  UPS - ok
20:42:05.0703 2112  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:42:05.0828 2112  usbccgp - ok
20:42:05.0859 2112  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:42:06.0046 2112  usbehci - ok
20:42:06.0156 2112  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:42:06.0296 2112  usbhub - ok
20:42:06.0359 2112  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:42:06.0468 2112  usbscan - ok
20:42:06.0515 2112  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:42:06.0625 2112  USBSTOR - ok
20:42:06.0656 2112  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:42:06.0765 2112  usbuhci - ok
20:42:06.0937 2112  [ C7F4158EA3915F4194AEE233FF8D4728 ] usbvm321        C:\WINDOWS\system32\Drivers\usbvm321.sys
20:42:06.0984 2112  usbvm321 - ok
20:42:07.0109 2112  [ FB1A8F8CBD361FC1F0D144D5018C97F3 ] VAIO Entertainment TV Device Arbitration Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
20:42:07.0203 2112  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
20:42:07.0203 2112  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
20:42:07.0343 2112  [ 1D5425783D92F34C63075FA0C4E2C3D5 ] VAIO Event Service C:\Programme\Sony\VAIO Event Service\VESMgr.exe
20:42:07.0359 2112  VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
20:42:07.0359 2112  VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
20:42:08.0500 2112  [ 3F8C67061B6C0795068BB2BB252FA374 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
20:42:10.0453 2112  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
20:42:10.0453 2112  VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
20:42:10.0546 2112  [ DED309AF31CB6EBE06D72CC1A10D5566 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
20:42:10.0593 2112  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
20:42:10.0593 2112  VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
20:42:11.0015 2112  [ A530CD1825C86E4EF32518B5E192BF09 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
20:42:11.0734 2112  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
20:42:11.0734 2112  VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
20:42:11.0843 2112  [ 6A2E7F4A28F410FDF975F21B6880FC65 ] VAIOMediaPlatform-Mobile-Gateway C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
20:42:11.0921 2112  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - warning
20:42:11.0921 2112  VAIOMediaPlatform-Mobile-Gateway - detected UnsignedFile.Multi.Generic (1)
20:42:11.0937 2112  Vcsw - ok
20:42:12.0000 2112  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:42:12.0109 2112  VgaSave - ok
20:42:12.0109 2112  ViaIde - ok
20:42:12.0218 2112  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:42:12.0343 2112  VolSnap - ok
20:42:12.0515 2112  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:42:12.0750 2112  VSS - ok
20:42:13.0281 2112  [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent         C:\Programme\Sony\VAIO Update Common\VUAgent.exe
20:42:13.0781 2112  VUAgent - ok
20:42:13.0953 2112  [ 0BD64CCEA7B4BF25CA2FB9BF1444DFD9 ] VzCdbSvc        C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
20:42:14.0000 2112  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
20:42:14.0000 2112  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
20:42:14.0078 2112  [ E81E8C7DC7EBC6CEDE156EAAD5EF9C8E ] VzFw            C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
20:42:14.0093 2112  VzFw ( UnsignedFile.Multi.Generic ) - warning
20:42:14.0093 2112  VzFw - detected UnsignedFile.Multi.Generic (1)
20:42:14.0234 2112  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:42:14.0343 2112  W32Time - ok
20:42:15.0109 2112  [ B1F126E7E28877106D60E6FF3998D033 ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:42:16.0375 2112  w39n51 - ok
20:42:16.0421 2112  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:42:16.0531 2112  Wanarp - ok
20:42:16.0578 2112  [ 2E8BA025D65DD49D15EA66973E2A15DF ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:42:16.0687 2112  wceusbsh - ok
20:42:16.0687 2112  WDICA - ok
20:42:16.0765 2112  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:42:16.0906 2112  wdmaud - ok
20:42:16.0968 2112  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:42:17.0187 2112  WebClient - ok
20:42:17.0562 2112  [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:42:18.0234 2112  winachsf - ok
20:42:18.0437 2112  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:42:18.0546 2112  winmgmt - ok
20:42:18.0609 2112  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:42:18.0718 2112  WmdmPmSN - ok
20:42:19.0093 2112  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:42:19.0578 2112  Wmi - ok
20:42:19.0687 2112  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:42:19.0796 2112  WmiApSrv - ok
20:42:19.0859 2112  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:42:19.0890 2112  WpdUsb - ok
20:42:19.0968 2112  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:42:20.0078 2112  WS2IFSL - ok
20:42:20.0140 2112  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:42:20.0265 2112  wscsvc - ok
20:42:20.0312 2112  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:42:20.0437 2112  WSTCODEC - ok
20:42:20.0468 2112  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:42:20.0593 2112  wuauserv - ok
20:42:20.0687 2112  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:42:20.0781 2112  WudfPf - ok
20:42:20.0828 2112  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:42:20.0906 2112  WudfRd - ok
20:42:20.0953 2112  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:42:21.0000 2112  WudfSvc - ok
20:42:21.0296 2112  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:42:21.0687 2112  WZCSVC - ok
20:42:21.0796 2112  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:42:22.0031 2112  xmlprov - ok
20:42:22.0109 2112  [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
20:42:22.0562 2112  ZTEusbmdm6k - ok
20:42:22.0640 2112  [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
20:42:22.0703 2112  ZTEusbnmea - ok
20:42:22.0781 2112  [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
20:42:22.0859 2112  ZTEusbser6k - ok
20:42:22.0859 2112  ================ Scan global ===============================
20:42:22.0921 2112  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:42:23.0093 2112  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:42:23.0281 2112  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:42:23.0359 2112  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:42:23.0359 2112  [Global] - ok
20:42:23.0359 2112  ================ Scan MBR ==================================
20:42:23.0406 2112  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:42:24.0265 2112  \Device\Harddisk0\DR0 - ok
20:42:24.0265 2112  ================ Scan VBR ==================================
20:42:24.0281 2112  [ F2F83307A8DE19A6A9E6363A031BA125 ] \Device\Harddisk0\DR0\Partition1
20:42:24.0281 2112  \Device\Harddisk0\DR0\Partition1 - ok
20:42:24.0281 2112  [ 86A1223EBBA6E2776494E3FBB3C43BF0 ] \Device\Harddisk0\DR0\Partition2
20:42:24.0296 2112  \Device\Harddisk0\DR0\Partition2 - ok
20:42:24.0296 2112  ============================================================
20:42:24.0296 2112  Scan finished
20:42:24.0296 2112  ============================================================
20:42:24.0406 3164  Detected object count: 35
20:42:24.0406 3164  Actual detected object count: 35
20:46:41.0859 3164  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0859 3164  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0859 3164  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  SonyImgF ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0875 3164  toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0875 3164  toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0890 3164  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0890 3164  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0906 3164  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0906 3164  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0906 3164  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0906 3164  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0906 3164  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0906 3164  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0906 3164  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0906 3164  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:41.0906 3164  VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:41.0906 3164  VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 14.05.2013, 10:25

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Johanna20 · 14.05.2013, 19:48

Hallo Cosinus,

habe die weiteren Schritte durchgeführt,
anbei die Logs:

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by xxx on 14.05.2013 at 19:35:29,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2013 at 19:37:35,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 14/05/2013 um 19:40:26 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : xxx - VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S3].txt - [995 octets] - [14/05/2013 19:40:26]

########## EOF - C:\AdwCleaner[S3].txt - [1054 octets] ##########

OTL:

Code:

ATTFilter

OTL logfile created on: 14.05.2013 19:54:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,78% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,51 Gb Total Space | 50,92 Gb Free Space | 68,34% Space Free | Partition Type: NTFS
Drive D: | 66,61 Gb Total Space | 24,50 Gb Free Space | 36,77% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Join Air\AssistantServices.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\xxx~1\LOKALE~1\Temp\catchme.sys File not found
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 88 91 E0 B6 4D CE 01  [binary data]
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-733493074-855486701-2436803248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
 
 
O1 HOSTS File: ([2013.03.12 21:07:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PrepareYourVAIO] C:\Programme\Sony\Prepare your VAIO\PYVAlert.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-733493074-855486701-2436803248-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340059977391 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340059965048 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.07.27 11:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.14 19:34:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.14 19:30:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\xxx\Desktop\JRT.exe
[2013.05.13 20:36:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\xxx\Desktop\tdsskiller.exe
[2013.05.13 19:13:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.exe
[2013.05.11 11:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\mbar-1.05.0.1001
[2013.05.10 21:06:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.10 21:06:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.10 21:06:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.10 21:06:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.10 21:05:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.10 21:02:37 | 005,068,844 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\xxx\Desktop\ComboFix.exe
[2013.05.10 18:57:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 19:45:51 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.05.14 19:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.14 19:43:40 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 19:32:05 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe
[2013.05.14 19:31:00 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\xxx\Desktop\JRT.exe
[2013.05.13 20:37:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\xxx\Desktop\tdsskiller.exe
[2013.05.13 20:01:03 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat
[2013.05.13 19:13:06 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.exe
[2013.05.11 11:15:20 | 012,917,756 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.11 00:46:17 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\gmer_2.1.19163.exe
[2013.05.10 21:02:37 | 005,068,844 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\xxx\Desktop\ComboFix.exe
[2013.05.10 18:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2013.05.09 00:43:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2013.05.14 19:32:03 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe
[2013.05.13 20:01:03 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat
[2013.05.11 11:15:15 | 012,917,756 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.11 00:46:15 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\gmer_2.1.19163.exe
[2013.05.10 21:06:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.10 21:06:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.10 21:06:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.10 21:06:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.10 21:06:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.06 20:22:05 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2012.08.23 16:59:44 | 000,283,228 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.08.23 16:59:29 | 000,197,503 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.08.23 15:25:33 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.05.29 15:17:11 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.26 00:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2012.05.25 08:28:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.24 18:15:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.05.24 18:07:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.05.24 18:04:55 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2012.05.24 17:58:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.07.27 11:03:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL-Extras:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2013 19:54:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,78% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,51 Gb Total Space | 50,92 Gb Free Space | 68,34% Space Free | Partition Type: NTFS
Drive D: | 66,61 Gb Total Space | 24,50 Gb Free Space | 36,77% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.30
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.17.903
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Picasa 3" = Picasa 3
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Skype_is1" = Skype 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2013 06:26:20 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 03.05.2013 19:37:49 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 05.05.2013 15:35:07 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 08.05.2013 18:59:39 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.05.2013 06:42:06 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 10.05.2013 15:37:01 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.05.2013 12:48:30 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.05.2013 14:11:08 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.05.2013 15:34:34 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 14.05.2013 13:14:13 | Computer Name = VAIO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 13.05.2013 14:11:15 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 13.05.2013 14:11:54 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
 auf Anwendungsebene.
 
Error - 13.05.2013 14:11:54 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.05.2013 14:11:56 | Computer Name = VAIO | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 13.05.2013 15:34:34 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 13.05.2013 15:34:34 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 14.05.2013 13:14:14 | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 14.05.2013 13:14:14 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 14.05.2013 13:14:14 | Computer Name = VAIO | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 14.05.2013 13:14:44 | Computer Name = VAIO | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
 
< End of report >

cosinus · 15.05.2013, 10:18

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Johanna20 · 15.05.2013, 22:57

.......toll, das freut mich; dank deiner Hilfe!

Hier die weiteren Logs:

Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.15.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xxx :: VAIO [Administrator]

15.05.2013 11:46:29
mbam-log-2013-05-15 (11-46-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403101
Laufzeit: 3 Stunde(n), 47 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b3bfd013c4b7146b1936cadfe7503e6
# engine=13505
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-28 07:28:53
# local_time=2013-03-28 08:28:53 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 16630 229922223 9250 0
# scanned=82453
# found=0
# cleaned=0
# scan_time=12120
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b3bfd013c4b7146b1936cadfe7503e6
# engine=13835
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-15 05:45:11
# local_time=2013-05-15 07:45:11 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 14186 234063201 6739 0
# scanned=100202
# found=0
# cleaned=0
# scan_time=12666

12.05.2013, 20:50	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Avira-Echtzeitscanner findet Maleware Bitte die Anleitungen sorgfältiger lesen und umsetzen, du hast das falsche Log von MBAR gepostet __________________ Logfiles bitte immer in CODE-Tags posten

Avira-Echtzeitscanner findet Maleware

Plagegeister aller Art und deren Bekämpfung: Avira-Echtzeitscanner findet Maleware