Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Recovery Trojaner eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 08.05.2011, 01:02   #1
Dresad
 
Windows Recovery Trojaner eingefangen - Standard

Windows Recovery Trojaner eingefangen



Hallo liebes Board,

auch ich habe mir diesen dämlichen Windows Recovery Trojaner eingefangen und versucht ihn anhand dieser Anleitung zu entfernen

http://www.trojaner-board.de/96741-w...entfernen.html

d.h. ich habe:

1. rkill.exe durchgeführt (mehrmals) und die betreffenden prozesse erfolgreich "killen" können

2. malwarebytes scan (vollständig und quick variante) durchgeführt und die entsprechenden funde inkl. neustart entfernt

3. superanti-spyware komplett-scan durchlaufen lassen, die funde ebenfalls entfernt

4. desktop-objekte mit unhide.exe wieder sichtbar gemacht

5. antivir seine funde hinsichtlich des trojaners in quarantäne verschieben lassen

6. CCleaner durchlaufen lassen und alle Funde/Probleme beheben lassen

7. TDSSKiller (mehrmals) durchlaufen lassen, KEINE funde

8. in der Registry die Einträge von Windows Recovery entfernt

9. im Explorer kann ich jedoch immer noch nicht auf bestimmte Ordner zugreife, der Zugriff wird mir verweigert. Zudem laufen in meinem Taskmanager 2 Prozesse die ich nicht beenden kann "atieclxx.exe" und "csrss.exe".

10. Im Endeffekt gehe ich stark davon aus, dass mein System noch nicht sauber ist, daher habe ich auch den OTL-Scan zum Schluss gemacht

Im Folgenden eine Auflistung aller Logs der entsprechenden Programme:



Anti-Malware (4 Logs):

Nummer 1:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2011 23:12:24
mbam-log-2011-05-07 (23-12-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156265
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Es4d\AppData\Local\mlsuisj.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Es4d\AppData\Local\afelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mkocagifobawut (Trojan.Agent.U) -> Value: Mkocagifobawut -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yxiwoves (Trojan.Agent.U) -> Value: Yxiwoves -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Es4d\AppData\Local\Temp\AA4E.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup2587394688.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Es4d\downloads\titanpsetup_87e42b_de.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\0.5166770300197895.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\mlsuisj.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\afelikuf.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Nummer 2

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2011 23:30:25
mbam-log-2011-05-07 (23-30-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 330744
Laufzeit: 17 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Es4d\AppData\Local\mlsuisj.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Es4d\AppData\Local\afelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mkocagifobawut (Trojan.Agent.U) -> Value: Mkocagifobawut -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yxiwoves (Trojan.Agent.U) -> Value: Yxiwoves -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\downloads\APPZ\uiso9.3.6.2750\ezb.systems.ultraiso.premium.edition.v9.3.6.2750.multilingual.retail.incl.keymaker-zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\mlsuisj.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\afelikuf.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Nummer 3

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6528

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2011 23:44:43
mbam-log-2011-05-07 (23-44-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158596
Laufzeit: 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 18

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NuHveRXdmtu (Trojan.FakeAlert) -> Value: NuHveRXdmtu -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Es4d\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3912048620-2732627897-2905044460-1003\$R6W4333.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\E895.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup1117902016.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup1214662132.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup1406622808.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup143053048.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup1807411292.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup1904171408.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup2445469868.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup2693197124.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup2762853728.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup3665289768.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\setup4166937324.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Local\Temp\tmp2F92.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Es4d\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Nummer 4

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6528

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 01:13:14
mbam-log-2011-05-08 (01-13-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156147
Laufzeit: 1 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



ANTIVIR-FUNDE

Nummer 1


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\44359416.exe'
C:\ProgramData\44359416.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '497e107c.qua' verschoben!


Nummer 2

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\44359416.exe'
C:\ProgramData\44359416.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2

Beginne mit der Desinfektion:
C:\ProgramData\44359416.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '493e16fe.qua' verschoben!


Nummer 3


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Es4d\foaico.exe'
C:\Users\Es4d\foaico.exe
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foaico> wurde erfolgreich entfernt.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b1e1c69.qua' verschoben!


Nummer 4

C:\Users\Es4d\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3186ddbf-4b8ae476
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48cd63a9.qua' verschoben!
C:\Users\Es4d\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2ecc5018
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '505c4c3b.qua' verschoben!
C:\Users\Es4d\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-559a7c9b
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3

Bei Scan Nummer 5 gab es keine Funde mehr


SUPERANTISPYWARE LOG

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/08/2011 at 01:01 AM

Application Version : 4.52.1000

Core Rules Database Version : 7011
Trace Rules Database Version: 4823

Scan type : Complete Scan
Total Scan Time : 00:26:01

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 15022
Registry threats detected : 1
File items scanned : 38606
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Es4d\AppData\Roaming\Microsoft\Windows\Cookies\es4d@atdmt[3].txt
.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
secure.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
.zedo.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
earlyexperience.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]
earlyexperience.partyaccount.com [ C:\Users\Es4d\AppData\Roaming\Mozilla-Cache\Party\PartyPoker\cookies.txt ]

Adware.PTech
(x86) HKU\S-1-5-21-3912048620-2732627897-2905044460-1003\Software\PTech

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\ES4D\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\ES4D\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\ES4D\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\ES4D\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE

Trojan.Agent/CDesc[Generic]
C:\USERS\ES4D\DOWNLOADS\ANM24I\ANTWAIN.DLL


OTL-LOGS

Extras.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.05.2011 01:24:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Es4d\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109,58 Gb Total Space | 18,79 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Es4d | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAD20769-75D8-4C1D-80E3-D545563FE9EF}_is1" = QTTabBar 1.5.0.0 Alpha 4
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Acropolis Deluxe" = Acropolis Deluxe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babel Deluxe" = Babel Deluxe
"Bookworm Deluxe" = Bookworm Deluxe
"Cake Mania" = Cake Mania (remove only)
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"eToro" = eToro
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gehirnjogging 4" = Gehirnjogging 4
"GTA2" = GTA2
"JDownloader" = JDownloader
"Kalima Deluxe" = Kalima Deluxe
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Luxor Amun Rising Deluxe" = Luxor Amun Rising Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Planescape - Torment" = Planescape - Torment
"PowerISO" = PowerISO
"Puzzle Quest_is1" = Puzzle Quest
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"Text Express Deluxe" = Text Express Deluxe
"TVUPlayer" = TVUPlayer 2.5.3.1
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO SR screensaver" = VAIO SR screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Word Mojo Deluxe" = Word Mojo Deluxe
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.05.2011 01:24:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Es4d\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109,58 Gb Total Space | 18,79 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Es4d | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Es4d\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Es4d\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (shpf) -- C:\Windows\SysNative\drivers\shpf.sys (Sony Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.4
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: ppkun-hande@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.8.1
FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:2.2.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {198B6134-00EA-407D-9E35-2A3A467A54FE}:1.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.04 03:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.04 03:43:43 | 000,000,000 | ---D | M]
 
[2010.05.04 18:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Es4d\AppData\Roaming\mozilla\Extensions
[2011.05.07 22:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions
[2011.04.04 13:53:10 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2011.02.20 21:57:45 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
[2010.06.08 22:41:55 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.08.10 15:28:11 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.09.11 12:41:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.11 11:45:53 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.01.05 15:12:15 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.08.10 15:28:11 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese, Chinese, and Korean Translator) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\chineseperakun@gmail.com
[2011.02.23 21:47:47 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\firebug@software.joehewitt.com
[2010.11.29 22:19:36 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\firefox@tvunetworks.com
[2011.02.20 22:02:01 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\firefox-extension@shareaholic.com
[2010.08.15 15:56:16 | 000,000,000 | ---D | M] (Chinese-German Dictionary for Perapera-kun) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\ppkun-hande@gmail.com
[2010.06.14 21:34:45 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\smarterwiki@wikiatic.com
[2010.09.11 15:53:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\vshare@toolbar
[2011.02.20 22:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\firefox-extension@shareaholic.com\chrome
[2011.02.20 22:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Es4d\AppData\Roaming\mozilla\Firefox\Profiles\4rgz3pyc.default\extensions\firefox-extension@shareaholic.com\defaults
[2010.05.05 20:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.05 20:28:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.07 22:46:18 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ES4D\APPDATA\LOCAL\{198B6134-00EA-407D-9E35-2A3A467A54FE}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.01.04 03:43:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.04 03:43:42 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.01.04 03:43:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.04 03:43:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.01.04 03:43:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.16 02:09:06 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Es4d\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Es4d\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{978cc5bb-4ab5-11e0-beac-002643ae61c7}\Shell - "" = AutoRun
O33 - MountPoints2\{978cc5bb-4ab5-11e0-beac-002643ae61c7}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.08 01:22:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Es4d\Desktop\OTL.exe
[2011.05.08 00:33:07 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Roaming\SUPERAntiSpyware.com
[2011.05.08 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.08 00:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.05.08 00:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.05.08 00:33:03 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.05.08 00:15:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Es4d\Desktop\TDSSKiller.exe
[2011.05.08 00:11:04 | 011,065,088 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Es4d\SUPERAntiSpyware.exe
[2011.05.07 23:09:13 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Roaming\Malwarebytes
[2011.05.07 23:09:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.07 23:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.07 23:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.07 23:09:05 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.07 23:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.07 23:08:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Es4d\mbam-setup.exe
[2011.05.07 22:52:51 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Roaming\Avira
[2011.05.07 22:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.07 22:49:59 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.05.07 22:49:59 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.05.07 22:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.07 22:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.05.07 22:46:18 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Local\{198B6134-00EA-407D-9E35-2A3A467A54FE}
[2011.05.04 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Local\SKIDROW
[2011.05.04 20:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.05.04 13:31:35 | 000,000,000 | ---D | C] -- C:\Users\Es4d\AppData\Roaming\HP
[2011.05.04 13:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.05.04 13:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.05.04 13:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011.05.04 13:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011.05.04 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.05.04 13:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.05.04 13:24:11 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011.04.27 00:45:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 00:45:34 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 00:45:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 00:45:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 00:45:25 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 00:45:25 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 00:45:25 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 00:45:25 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 00:45:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 00:45:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 00:45:24 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 00:45:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 00:45:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.19 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\Es4d\Desktop\wordpress
[2011.04.19 13:41:26 | 000,000,000 | ---D | C] -- C:\Users\Es4d\Desktop\Fahrtkosten
[2011.04.19 13:26:49 | 000,000,000 | ---D | C] -- C:\Users\Es4d\Desktop\Bewerbung
[2011.04.19 13:26:20 | 000,000,000 | ---D | C] -- C:\Users\Es4d\Desktop\sourcing_asia
[2011.04.19 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\Es4d\Desktop\WP THEMES
[2011.04.14 02:47:37 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.14 02:47:37 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.14 02:47:37 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.14 02:47:36 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.14 02:47:36 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.14 02:47:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.14 02:47:36 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.14 02:47:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.14 02:47:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.14 02:47:35 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.14 02:47:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.14 02:47:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.14 02:47:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.14 02:47:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.14 02:47:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.14 02:47:27 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.14 02:47:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.14 02:47:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.14 02:47:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.14 02:47:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.14 02:47:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.14 02:47:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.14 02:47:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.14 02:47:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.14 02:47:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.14 02:47:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.14 02:47:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.14 02:47:10 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.14 02:47:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.14 02:47:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.14 02:47:07 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.14 02:47:07 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.14 02:47:07 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.14 02:47:07 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.14 02:47:07 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.14 02:47:07 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.14 02:47:07 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.14 02:47:07 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.08 01:22:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Es4d\Desktop\OTL.exe
[2011.05.08 01:09:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.08 01:09:33 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.08 01:09:33 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.08 01:09:33 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.08 01:09:33 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.08 01:09:31 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 01:09:31 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 01:02:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.08 01:02:03 | 3195,228,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.08 00:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912048620-2732627897-2905044460-1003UA.job
[2011.05.08 00:48:02 | 000,504,657 | ---- | M] () -- C:\Users\Es4d\unhide.exe
[2011.05.08 00:33:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.08 00:15:11 | 001,280,815 | ---- | M] () -- C:\Users\Es4d\tdsskiller.zip
[2011.05.08 00:11:19 | 011,065,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Es4d\SUPERAntiSpyware.exe
[2011.05.07 23:58:28 | 000,000,359 | ---- | M] () -- C:\Users\Es4d\Desktop\Papierkorb - Verknüpfung.lnk
[2011.05.07 23:08:39 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Es4d\mbam-setup.exe
[2011.05.07 23:03:11 | 001,006,778 | ---- | M] () -- C:\Users\Es4d\rkill.com
[2011.05.07 22:49:11 | 052,718,176 | ---- | M] () -- C:\Users\Es4d\avira_antivir_personal_de.exe
[2011.05.07 22:46:19 | 000,000,120 | ---- | M] () -- C:\Users\Es4d\AppData\Local\Kkovexem.dat
[2011.05.07 22:46:19 | 000,000,000 | ---- | M] () -- C:\Users\Es4d\AppData\Local\Hkibuqaz.bin
[2011.05.07 22:44:28 | 000,000,336 | ---- | M] () -- C:\ProgramData\44359416
[2011.05.06 14:49:17 | 003,268,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.06 10:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3912048620-2732627897-2905044460-1003Core.job
[2011.05.04 23:32:00 | 733,316,539 | ---- | M] () -- C:\Users\Es4d\Desktop\TA_1108.avi
[2011.05.04 13:29:35 | 000,245,229 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.05.02 13:37:57 | 000,034,114 | ---- | M] () -- C:\Users\Es4d\Desktop\14864_008.jpg
[2011.05.01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Es4d\Desktop\TDSSKiller.exe
[2011.04.29 13:35:14 | 000,044,176 | ---- | M] () -- C:\Users\Es4d\Desktop\bksy.jpg
[2011.04.27 21:58:26 | 000,065,358 | ---- | M] () -- C:\Users\Es4d\Desktop\18d659d7467b082cae55d5629041718e_image_document_large_featured_borderless.jpg
[2011.04.26 14:01:26 | 010,018,322 | ---- | M] () -- C:\Users\Es4d\Desktop\immosaad_flickr.jpg
[2011.04.24 01:02:24 | 000,310,372 | ---- | M] () -- C:\Users\Es4d\Desktop\24042011418.jpg
[2011.04.23 03:33:12 | 000,037,677 | ---- | M] () -- C:\Users\Es4d\Desktop\thumbs_hornoxe.com_picdump203_007.jpg
[2011.04.22 01:57:12 | 000,031,512 | ---- | M] () -- C:\Users\Es4d\Desktop\365667.zip
[2011.04.20 15:28:32 | 000,050,185 | ---- | M] () -- C:\Users\Es4d\Desktop\geht das nicht so.JPG
[2011.04.20 01:06:41 | 000,731,944 | ---- | M] () -- C:\Users\Es4d\Desktop\Volontariatszeugnis.pdf
[2011.04.19 14:09:48 | 000,000,895 | ---- | M] () -- C:\Users\Es4d\Desktop\index.htm
[2011.04.19 14:09:33 | 000,000,424 | ---- | M] () -- C:\Users\Es4d\Desktop\index.php
[2011.04.19 14:00:54 | 000,000,040 | ---- | M] () -- C:\Users\Es4d\Desktop\.htaccess
[2011.04.13 12:44:21 | 001,232,179 | ---- | M] () -- C:\Users\Es4d\Desktop\22-24.pdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.08 00:48:01 | 000,504,657 | ---- | C] () -- C:\Users\Es4d\unhide.exe
[2011.05.08 00:33:05 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.08 00:15:05 | 001,280,815 | ---- | C] () -- C:\Users\Es4d\tdsskiller.zip
[2011.05.07 23:58:28 | 000,000,359 | ---- | C] () -- C:\Users\Es4d\Desktop\Papierkorb - Verknüpfung.lnk
[2011.05.07 23:03:09 | 001,006,778 | ---- | C] () -- C:\Users\Es4d\rkill.com
[2011.05.07 22:49:00 | 052,718,176 | ---- | C] () -- C:\Users\Es4d\avira_antivir_personal_de.exe
[2011.05.07 22:46:19 | 000,000,120 | ---- | C] () -- C:\Users\Es4d\AppData\Local\Kkovexem.dat
[2011.05.07 22:46:19 | 000,000,000 | ---- | C] () -- C:\Users\Es4d\AppData\Local\Hkibuqaz.bin
[2011.05.07 22:44:28 | 000,000,336 | ---- | C] () -- C:\ProgramData\44359416
[2011.05.06 10:13:32 | 733,316,539 | ---- | C] () -- C:\Users\Es4d\Desktop\TA_1108.avi
[2011.05.04 13:24:23 | 000,245,229 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.04 13:24:23 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.05.02 13:37:56 | 000,034,114 | ---- | C] () -- C:\Users\Es4d\Desktop\14864_008.jpg
[2011.04.29 13:35:13 | 000,044,176 | ---- | C] () -- C:\Users\Es4d\Desktop\bksy.jpg
[2011.04.27 21:58:25 | 000,065,358 | ---- | C] () -- C:\Users\Es4d\Desktop\18d659d7467b082cae55d5629041718e_image_document_large_featured_borderless.jpg
[2011.04.26 14:01:13 | 010,018,322 | ---- | C] () -- C:\Users\Es4d\Desktop\immosaad_flickr.jpg
[2011.04.24 13:01:25 | 000,310,372 | ---- | C] () -- C:\Users\Es4d\Desktop\24042011418.jpg
[2011.04.23 03:33:11 | 000,037,677 | ---- | C] () -- C:\Users\Es4d\Desktop\thumbs_hornoxe.com_picdump203_007.jpg
[2011.04.22 02:01:41 | 000,079,325 | ---- | C] () -- C:\Users\Es4d\Desktop\Boardwalk Empire - 01x01 - Boardwalk Empire.FQM.English.C.orig.Addic7ed.com.srt
[2011.04.22 01:57:11 | 000,031,512 | ---- | C] () -- C:\Users\Es4d\Desktop\365667.zip
[2011.04.20 15:28:32 | 000,050,185 | ---- | C] () -- C:\Users\Es4d\Desktop\geht das nicht so.JPG
[2011.04.20 01:06:39 | 000,731,944 | ---- | C] () -- C:\Users\Es4d\Desktop\Volontariatszeugnis.pdf
[2011.04.19 14:09:47 | 000,000,895 | ---- | C] () -- C:\Users\Es4d\Desktop\index.htm
[2011.04.19 14:00:54 | 000,000,040 | ---- | C] () -- C:\Users\Es4d\Desktop\.htaccess
[2011.04.13 12:44:08 | 001,232,179 | ---- | C] () -- C:\Users\Es4d\Desktop\22-24.pdf
[2010.07.16 01:57:02 | 000,005,788 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.05 23:54:20 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.05 22:55:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.04 19:16:26 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.11.24 04:53:20 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.11.24 04:35:37 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.11.24 04:30:31 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.17 22:19:56 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 22:19:53 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 22:19:53 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 22:19:50 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 12:30:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.05.18 10:38:10 | 000,000,000 | -HSD | M] -- C:\Users\Es4d\AppData\Roaming\.#
[2010.09.11 12:41:53 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.23 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\FileZilla
[2011.02.14 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\Lingo4u
[2010.05.04 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\Protector Suite
[2011.01.19 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\Rovio
[2010.12.06 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\Wordpress
[2010.11.18 20:13:21 | 000,000,000 | ---D | M] -- C:\Users\Es4d\AppData\Roaming\Zylom
[2011.02.25 13:03:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---


So, ich habe nun wirklich versucht, euch genügend Informationen für den Anfang zu geben. Ich hoffe, ihr könnt mir weiterhelfen bei den (hoffentlich) letzten Schritten, um das System wieder sauber zu bekommen.

Besten Dank im Voraus!



Gruß, Dresad

Alt 08.05.2011, 14:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Trojaner eingefangen - Standard

Windows Recovery Trojaner eingefangen



Mach bitte einen Vollscan mit aktualisiertem Malwarebytes und poste das Log.
__________________

__________________

Antwort

Themen zu Windows Recovery Trojaner eingefangen
0x00000001, 132.exe, 64-bit, ad.yieldmanager.com, adobe after effects, adware.casino, anfang, antivir, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, converter, data restore, document, entfernen, error, extras.txt, flash player, google, heuristics.shuriken, home, hängen, install.exe, jdownloader, kaspersky, location, logfile, mp3, officejet, oldtimer, otl-scan, otl.txt, plug-in, popup, poweriso, rarsfx0, realtek, recycle.bin, registry, riskware.tool.ck, rootkit.tdss.gen, scan, sched.exe, searchplugins, security, shell32.dll, shortcut, software, start menu, system, syswow64, taskmanager, third party, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojan.agent.u, trojaner, trojaner eingefangen, webcheck, windows, windows recovery entfernen




Ähnliche Themen: Windows Recovery Trojaner eingefangen


  1. File Recovery Virus eingefangen
    Log-Analyse und Auswertung - 11.09.2012 (1)
  2. Windows Recovery + Trojaner
    Log-Analyse und Auswertung - 05.06.2011 (1)
  3. windows xp recovery eingefangen!!
    Plagegeister aller Art und deren Bekämpfung - 03.06.2011 (7)
  4. Windows Recovery Trojaner und weitere Probleme
    Log-Analyse und Auswertung - 01.06.2011 (3)
  5. Windows 7 Recovery Trojaner
    Log-Analyse und Auswertung - 27.05.2011 (30)
  6. Windows Recovery eingefangen!
    Log-Analyse und Auswertung - 18.05.2011 (37)
  7. windows recovery trojaner
    Log-Analyse und Auswertung - 14.05.2011 (43)
  8. Windows Recovery Trojaner - Malewarebytes durchgeführt was nun?
    Log-Analyse und Auswertung - 11.05.2011 (29)
  9. Trojaner eingefangen: Windows Recovery
    Log-Analyse und Auswertung - 10.05.2011 (20)
  10. Windows Recovery eingefangen
    Log-Analyse und Auswertung - 09.05.2011 (24)
  11. Windows recovery eingefangen
    Log-Analyse und Auswertung - 04.05.2011 (31)
  12. Trojaner Fake.AV / Windows Recovery?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (10)
  13. Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!
    Log-Analyse und Auswertung - 30.04.2011 (6)
  14. Windows recovery trojaner weg?
    Log-Analyse und Auswertung - 28.04.2011 (18)
  15. Windows Recovery eingefangen - OTL Logs angefügt
    Log-Analyse und Auswertung - 27.04.2011 (1)
  16. Windows Recovery eingefangen
    Log-Analyse und Auswertung - 23.04.2011 (7)
  17. windows recovery trojaner
    Log-Analyse und Auswertung - 22.04.2011 (1)

Zum Thema Windows Recovery Trojaner eingefangen - Hallo liebes Board, auch ich habe mir diesen dämlichen Windows Recovery Trojaner eingefangen und versucht ihn anhand dieser Anleitung zu entfernen http://www.trojaner-board.de/96741-w...entfernen.html d.h. ich habe: 1. rkill.exe durchgeführt (mehrmals) und - Windows Recovery Trojaner eingefangen...
Archiv
Du betrachtest: Windows Recovery Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.