Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Laptop - weißer Bildschirm nach Start (https://www.trojaner-board.de/133931-laptop-weisser-bildschirm-start.html)

Zuckerstueck 19.04.2013 14:55
Laptop - weißer Bildschirm nach Start
 
Hallo,

ich habe hier das Laptop eines Freundes (windows xp).
Nachdem er gestern im Netz war gibt es nur noch einen weißen Bildschirm nach dem Start her.
Bis das Laptop hochgefahren ist wird alles normal angezeigt.
Dann nur noch weißer Bildschirm und der Mauszeiger.
Ebenso wenn im abgesicherten Modus hochgefahren wird.
Woran liegt das und was können wir tun?
Die Daten auf der Festplatte sind sehr wichtig!
Herzlichen Dank schon mal

aharonov 19.04.2013 15:00
Hallo,

funktioniert aber der abgesicherte Modus mit Eingabeaufforderung noch, so dass du dort zum schwarzen Konsolenfenster gelangst?

Zuckerstueck 19.04.2013 15:41
Hallo, ja, das funktioniert

aharonov 19.04.2013 15:42
Prima, dann schleichen wir dort rein:


Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
  • Schliesse diesen USB-Stick nun an den infizierten Rechner an.
  • Starte den infizierten Computer in den abgesicherten Modus mit Eingabeaufforderung. (Anleitung)
  • In der Kommandozeile gib nun notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Arbeitsplatz.
    • Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) angezeigt und auf den USB-Stick gespeichert.
  • Poste bitte auf dem Zweitrechner den Inhalt dieser Logfiles hier in den Thread.

Zuckerstueck 19.04.2013 15:44
Wow, Du bist aber fix!! Vielen lieben Dank! Ich flitze schnell zur Nachbarin und lade es. Melde mich gleich :)

aharonov 19.04.2013 15:54
Ok, alles klar :)

Zuckerstueck 19.04.2013 16:33
so... hier nun der Inhalt von Extras:OTL Logfile:
Code:
OTL Extras logfile created on: 19.04.2013 17:07:47 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = e:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 87,71% Memory free
3,85 Gb Paging File | 3,80 Gb Available in Paging File | 98,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 32,97 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 85,25 Gb Total Space | 85,18 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 7,60 Gb Total Space | 7,55 Gb Free Space | 99,27% Space Free | Partition Type: FAT32
 
Computer Name: ROLAND | User Name: Roly | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier -- (Google Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe" = C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe:*:Enabled:T-Online Profilverwaltung -- (Deutsche Telekom AG)
"C:\Programme\Windows Live\Contacts\wlcomm.exe" = C:\Programme\Windows Live\Contacts\wlcomm.exe:*:Enabled:Windows Live Communications Platform -- (Microsoft Corporation)
"C:\Programme\T-Online\T-Online_Software_6\Browser\browser.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\browser.exe:*:Enabled:T-Online Browser 6.0 -- (Deutsche Telekom AG)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Outlook Express\msimn.exe" = C:\Programme\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\WINDOWS\ehome\ehtray.exe" = C:\WINDOWS\ehome\ehtray.exe:*:Enabled:Media Center Tray Applet -- (Microsoft Corporation)
"C:\Programme\Sony\Image Converter 2\ImageConverter2.exe" = C:\Programme\Sony\Image Converter 2\ImageConverter2.exe:*:Enabled:Image Converter 2 -- (Sony Corporation)
"C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe" = C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe:*:Enabled:T-Online eMail-Anzeige -- (fun communications GmbH, hxxp://www.fun.de)
"C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe" = C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe:*:Enabled:T-Online StartCenter 6.0 -- (Deutsche Telekom AG)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" = C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe:*:Enabled:hpgs2wnf Module -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}" = AV Mode Button Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{73D6801A-EA7C-4C48-BA22-B47813520262}" = InterVideo WinDVD BD for VAIO
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C44C027-7B9F-46F1-8FD8-5767403A7CA5}" = AppMon Utility
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{909790A9-20EE-4948-8E77-684C7D71954B}" = Ulead BD DiscRecorder
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.6
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8E952E3-A823-443A-8493-39A0CCE0E3EB}" = HP Photo and Imaging 1.0 - Scanjet 3500c Series
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E4EC137E-AF36-40B3-8BB6-4F091ECDC9D9}" = VAIO Edit Components
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.30
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F68424BE-F5EE-4011-8D02-AD0DBB1BD758}" = BlackBerry Device Software Updater
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ElsterFormular" = ElsterFormular
"Hemera Products" = Hemera Products
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"hp deskjet 960c series_Driver" = hp deskjet 960c series
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MouseSuite98" = Sony USB Mouse
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"MyCamera" = Canon Utilities MyCamera
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor
"Skype_is1" = Skype 2.0
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2013 07:15:09 | Computer Name = ROLAND | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 11.04.2013 07:15:25 | Computer Name = ROLAND | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 14.04.2013 15:21:37 | Computer Name = ROLAND | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tosbtproc.exe, Version 1.2.14.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 14.04.2013 15:29:11 | Computer Name = ROLAND | Source = Norton Ghost | ID = 100
Description = Beschreibung: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung
 können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke
 auf diesem System können nicht aufgelistet werden. Fehler EC8F03EC: Die Storage
 Management Engine kann nicht initialisiert werden. Fehler EBAB03E9: Fehler in interner
 Anwendung: Unberechtigter Speicherzugriff c0000005: Anwendung hat versucht, den
 Speicher unter 00f70a78 zu lesen.  Details: 0xEBAB03E9  Quelle: Norton Ghost
 
Error - 14.04.2013 17:13:30 | Computer Name = ROLAND | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 14.04.2013 17:13:31 | Computer Name = ROLAND | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 14.04.2013 17:13:46 | Computer Name = ROLAND | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 19.04.2013 05:05:50 | Computer Name = ROLAND | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 19.04.2013 05:05:50 | Computer Name = ROLAND | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 19.04.2013 05:06:05 | Computer Name = ROLAND | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
[ System Events ]
Error - 19.04.2013 10:42:49 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  avgio  avipbb  DMICall  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip  Tosrfcom
V2IMount
 
Error - 19.04.2013 11:05:44 | Computer Name = ROLAND | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 19.04.2013 11:05:57 | Computer Name = ROLAND | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 19.04.2013 11:06:01 | Computer Name = ROLAND | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7001
Description = Der Dienst "VAIO Entertainment File Import Service" ist vom Dienst
 "VAIO Entertainment Database Service" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde:  %%1068
 
Error - 19.04.2013 11:06:56 | Computer Name = ROLAND | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  avgio  avipbb  DMICall  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip  Tosrfcom
V2IMount
 
 
< End of report >
--- --- ---











Hier der Inhalt von OTLOTL Logfile:
Code:
OTL logfile created on: 19.04.2013 17:07:47 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = e:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 87,71% Memory free
3,85 Gb Paging File | 3,80 Gb Available in Paging File | 98,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 32,97 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 85,25 Gb Total Space | 85,18 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 7,60 Gb Total Space | 7,55 Gb Free Space | 99,27% Space Free | Partition Type: FAT32
 
Computer Name: ROLAND | User Name: Roly | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe
PRC - [2008.04.14 04:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010.03.22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.06.13 08:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.06.07 09:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006.05.18 10:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006.05.18 10:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006.05.08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006.04.27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.04.27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.04.27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.01.25 18:30:00 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.01.25 18:28:00 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2006.01.25 18:26:00 | 000,072,312 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2006.01.25 18:24:00 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005.07.14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.01.20 15:12:06 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011.07.02 07:50:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 07:50:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009.12.22 17:42:53 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.10.23 21:35:39 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.07.26 09:13:30 | 000,754,688 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2006.07.21 17:39:58 | 000,005,376 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006.06.30 10:27:00 | 000,075,264 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006.06.28 02:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006.06.28 02:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVENG.SYS -- (NAVENG)
DRV - [2006.06.06 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.06.06 05:20:00 | 000,088,444 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.06.06 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.06.06 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.06.06 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.06.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.06.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.05.26 00:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.03.17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.03.17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006.03.06 11:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.25 18:30:00 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.01.25 18:30:00 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.01.25 18:26:00 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006.01.25 18:24:00 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.01.25 18:24:00 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2005.10.18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 09:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.14 13:37:40 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005.10.14 13:37:38 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005.09.21 02:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2005.09.20 08:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 04:47:10 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004.11.22 06:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.11.01 05:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3A E2 BA 18 31 CE 01  [binary data]
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&mkt=de-de&FORM=IE0000
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{26FF75D8-7A4C-451B-BBE7-A8CC22F0FC44}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_deDE350
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.12.08 20:37:42 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppMon Utility] C:\Programme\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Epg Service] C:\Programme\InterVideo\DVDEX\TvtvEpgAcq.exe File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Programme\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audio Filter.lnk = C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342005163156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006 Winlogon: Shell - (C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini) - C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini ()
O20 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.18 12:34:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.19 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.04.19 11:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mmk
[2013.04.16 18:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari360 spider berlin
[2013.03.26 19:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Eigene Dateien\ACOUSTIC PICKUP TESTS
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.19 17:09:25 | 000,503,968 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.19 17:09:25 | 000,477,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.19 17:09:25 | 000,103,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.19 17:09:25 | 000,086,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.19 17:05:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.19 17:04:03 | 000,087,372 | ---- | M] () -- C:\WINDOWS\uxkusew.erk
[2013.04.19 17:04:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.19 17:04:02 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3300159558-126359597-3874169104-1006.job
[2013.04.19 17:04:01 | 000,061,359 | ---- | M] () -- C:\WINDOWS\szym.sol
[2013.04.19 17:01:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.19 14:47:20 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.04.19 14:20:10 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2013.04.19 14:16:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.19 11:01:54 | 000,069,871 | ---- | M] () -- C:\WINDOWS\vyhysij.fyt
[2013.04.19 11:01:43 | 000,228,636 | ---- | M] () -- C:\WINDOWS\xtfkq.qyx
[2013.04.19 11:00:38 | 000,018,274 | ---- | M] () -- C:\WINDOWS\slzcya.cjy
[2013.04.19 10:59:46 | 000,161,601 | ---- | M] () -- C:\WINDOWS\xjrgpll.muk
[2013.04.16 19:21:11 | 000,042,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 19:20:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2013.04.16 18:09:39 | 000,143,803 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.14 21:22:53 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2013.04.13 14:37:20 | 000,401,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.12 13:22:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.11 13:14:16 | 000,338,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 12:08:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 13:21:04 | 000,002,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Google Chrome.lnk
[2013.04.09 18:14:28 | 000,444,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:57 | 000,085,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:44 | 000,043,397 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.27 21:08:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2013.03.26 22:39:38 | 000,024,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.03.26 21:50:38 | 000,048,210 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Aftershow Backstage Jürgen and Me.jpg
[2013.03.25 14:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3300159558-126359597-3874169104-1006.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.19 11:01:50 | 000,087,372 | ---- | C] () -- C:\WINDOWS\uxkusew.erk
[2013.04.19 11:01:50 | 000,069,871 | ---- | C] () -- C:\WINDOWS\vyhysij.fyt
[2013.04.19 11:01:43 | 000,228,636 | ---- | C] () -- C:\WINDOWS\xtfkq.qyx
[2013.04.19 10:59:46 | 000,161,601 | ---- | C] () -- C:\WINDOWS\xjrgpll.muk
[2013.04.19 10:59:46 | 000,061,359 | ---- | C] () -- C:\WINDOWS\szym.sol
[2013.04.19 10:57:06 | 000,018,274 | ---- | C] () -- C:\WINDOWS\slzcya.cjy
[2013.04.16 19:21:10 | 000,042,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 18:09:39 | 000,143,803 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.13 14:37:19 | 000,401,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.09 18:14:28 | 000,444,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:56 | 000,085,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:43 | 000,043,397 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.26 22:39:38 | 000,024,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.02.05 17:12:27 | 001,656,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.10.04 05:39:47 | 000,153,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini
[2012.02.14 22:22:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.10.24 21:13:07 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 21:19:18 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.08.18 12:32:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---

aharonov 19.04.2013 17:04
Hi,

der Schritt 1 sollte deinen Rechner entsperren, so dass du die weiteren Schritte dann wieder im normalen Modus von Windows ausführen kannst.


Schritt 1

Erstelle zuerst auf einem Zweitrechner das Fixskript:
  • Drücke dazu bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, schreibe "notepad" in das Ausführen Fenster und drücke OK.
  • Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
    (Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.)
    Code:
    :OTL
    O20 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006 Winlogon: Shell - (C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini) - C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini ()
    [2013.04.19 11:01:50 | 000,087,372 | ---- | C] () -- C:\WINDOWS\uxkusew.erk
    [2013.04.19 11:01:50 | 000,069,871 | ---- | C] () -- C:\WINDOWS\vyhysij.fyt
    [2013.04.19 11:01:43 | 000,228,636 | ---- | C] () -- C:\WINDOWS\xtfkq.qyx
    [2013.04.19 10:59:46 | 000,161,601 | ---- | C] () -- C:\WINDOWS\xjrgpll.muk
    [2013.04.19 10:59:46 | 000,061,359 | ---- | C] () -- C:\WINDOWS\szym.sol
    [2013.04.19 10:57:06 | 000,018,274 | ---- | C] () -- C:\WINDOWS\slzcya.cjy
    [2013.04.19 11:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mmk

    :commands
    [emptytemp]
  • Speichere dann die Datei als fix.txt auf den USB-Stick, wo die OTL.exe liegt.
Danach führe folgendermassen den Fix aus:
  • Schliesse den USB-Stick wieder an den infizierten Rechner an und starte diesen in den abgesicherten Modus mit Eingabeaufforderung.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Klicke auf den Fix Button.
  • Drücke dann OK, um den Fix von einem File zu laden.
  • Wähle die erstellte fix.txt auf dem USB-Stick aus. Ihr Inhalt wird in die Textbox eingefügt.
  • Klicke nun erneut auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach einem Neustart versuche wieder in den normalen Modus zu booten.
  • Auf deinem USB-Stick sollte im Ordner _OTL ein Log-File (\_OTL\MovedFiles\<time_date>.txt) erstellt worden sein.
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 3

Verschiebe die OTL.exe vom USB-Stick auf deinen Desktop und starte sie.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von Gmer
  • Log von OTL

Zuckerstueck 20.04.2013 10:33
Hier nun das Ergebnis zu Schritt 1:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini deleted successfully.
C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\mcafee.ini moved successfully.
C:\WINDOWS\uxkusew.erk moved successfully.
C:\WINDOWS\vyhysij.fyt moved successfully.
C:\WINDOWS\xtfkq.qyx moved successfully.
C:\WINDOWS\xjrgpll.muk moved successfully.
C:\WINDOWS\szym.sol moved successfully.
C:\WINDOWS\slzcya.cjy moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mmk folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4046094 bytes
->Temporary Internet Files folder emptied: 1166302 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6575118 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48314417 bytes

User: Roly
->Temp folder emptied: 276000177 bytes
->Temporary Internet Files folder emptied: 115665052 bytes
->Java cache emptied: 849989 bytes
->Google Chrome cache emptied: 431983765 bytes
->Flash cache emptied: 18298 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3619047 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6672674 bytes
RecycleBin emptied: 422737 bytes

Total Files Cleaned = 854,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04202013_111924

Hallo,

wenn ich gmer laufen lasse bricht er nach einer Zeit mit einer Fehlermeldung ab.
2yli5or0.exe hat ein Problem festgestellt und muss beendet werden. ;-(
Hier sind drei Buttons. "debug", "problembericht senden" und "nicht senden"

aharonov 20.04.2013 12:00
Hallo,

dann überspring Gmer und mach mit dem nächsten Schritt (OTL) weiter.

Zuckerstueck 20.04.2013 12:22
Inhalt von OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 20.04.2013 13:10:03 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Roly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,93% Memory free
3,85 Gb Paging File | 2,95 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 31,77 Gb Free Space | 34,11% Space Free | Partition Type: NTFS
Drive D: | 85,25 Gb Total Space | 85,18 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ROLAND | User Name: Roly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.08 21:51:22 | 000,796,080 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
PRC - [2011.11.08 21:51:22 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
PRC - [2011.11.08 21:51:20 | 001,226,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.20 10:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010.11.02 13:25:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.14 21:55:12 | 001,501,080 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.09.14 21:55:10 | 006,996,888 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010.05.12 17:14:40 | 000,984,576 | ---- | M] (Deutsche Telekom AG, T-Com) -- C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\InfoCockpit.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.08.05 14:13:02 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006.06.22 16:11:18 | 000,029,696 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\AppMonUtil\AppMonUtility.exe
PRC - [2006.06.06 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.03.07 17:46:06 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.02.21 16:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006.02.14 12:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006.02.07 21:53:00 | 002,134,016 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\WLANSet\WLANSet.exe
PRC - [2006.02.02 22:19:10 | 001,753,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.26 15:06:38 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.25 18:31:00 | 000,218,240 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
PRC - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
PRC - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
PRC - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.01.25 18:29:00 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
PRC - [2006.01.25 18:28:00 | 000,120,464 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\CfgWiz.exe
PRC - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2006.01.23 21:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.12.27 13:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005.12.22 17:46:42 | 005,649,408 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2005.10.14 13:37:44 | 001,537,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\GhostTray.exe
PRC - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005.03.03 21:47:18 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2005.02.17 14:51:12 | 000,132,752 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\CfgWiz.exe
PRC - [2004.11.17 13:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2004.08.19 02:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2004.02.20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.11 05:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002.03.14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2001.11.09 12:31:19 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.20 13:07:21 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Temp\~WSC.tmp
MOD - [2013.04.20 13:07:13 | 000,053,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Temp\~WSB.tmp
MOD - [2013.04.20 13:07:12 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Temp\~WSA.tmp
MOD - [2013.02.15 01:29:35 | 000,057,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\InfoCockpit.PluginI#\b6aaa2cf90aaad04aea34879cbb2e2af\InfoCockpit.PluginInterface.ni.dll
MOD - [2013.02.15 01:29:34 | 001,495,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\InfoCockpit\92d8026ecb6342e908cc81599270a263\InfoCockpit.ni.exe
MOD - [2013.02.15 01:26:55 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.01.09 14:05:53 | 000,035,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ToUtil\2db4d119a2518f99d7b8bb3f7b330b56\ToUtil.ni.dll
MOD - [2013.01.09 14:05:41 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\d0e13b69ea5b8ae52bc6b8dc38b7ed44\log4net.ni.dll
MOD - [2013.01.09 14:05:38 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\InfoCockpit.SkinInt#\9714d97f1f57e53f90b0b52f3ec721d5\InfoCockpit.SkinInterface.ni.dll
MOD - [2013.01.09 13:21:10 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 13:20:16 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 13:19:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.09 13:19:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.09 13:19:21 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 13:19:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.09.14 21:55:14 | 000,022,424 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.09.14 21:30:38 | 000,659,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010.08.22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.08.22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.08.22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.08.22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.08.22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010.05.12 17:14:06 | 000,318,464 | ---- | M] () -- C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\InfoCockpit.SkinManager.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006.10.09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2006.10.09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005.11.28 16:45:50 | 000,040,960 | ---- | M] () -- C:\Programme\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.10.07 13:19:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\5U870Prp.ax
MOD - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005.08.05 14:26:04 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005.08.05 14:26:04 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005.08.05 14:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005.08.05 13:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005.08.05 13:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2005.07.22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2005.05.20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2005.03.09 21:30:28 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.12.30 10:34:56 | 001,073,152 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\vorbis.dll
MOD - [2004.12.30 10:34:00 | 000,053,248 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\ogg.dll
MOD - [2004.10.14 10:18:24 | 000,040,960 | ---- | M] () -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.04.11 05:19:42 | 000,024,576 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010.03.22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.06.13 08:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.06.07 09:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006.05.18 10:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006.05.18 10:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006.05.08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006.04.27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.04.27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.04.27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.01.25 18:30:00 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.01.25 18:28:00 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2006.01.25 18:26:00 | 000,072,312 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2006.01.25 18:24:00 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005.07.14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.01.20 15:12:06 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011.07.02 07:50:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 07:50:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009.12.22 17:42:53 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.10.23 21:35:39 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.07.26 09:13:30 | 000,754,688 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2006.07.21 17:39:58 | 000,005,376 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006.06.30 10:27:00 | 000,075,264 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006.06.28 02:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006.06.28 02:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVENG.SYS -- (NAVENG)
DRV - [2006.06.06 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.06.06 05:20:00 | 000,088,444 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.06.06 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.06.06 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.06.06 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.06.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.06.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.05.26 00:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.03.17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.03.17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006.03.06 11:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.25 18:30:00 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.01.25 18:30:00 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.01.25 18:26:00 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006.01.25 18:24:00 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.01.25 18:24:00 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2005.10.18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 09:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.14 13:37:40 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005.10.14 13:37:38 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005.09.21 02:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2005.09.20 08:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 04:47:10 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004.11.22 06:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.11.01 05:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
 
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3A E2 BA 18 31 CE 01  [binary data]
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&mkt=de-de&FORM=IE0000
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{26FF75D8-7A4C-451B-BBE7-A8CC22F0FC44}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_deDE350
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.12.08 20:37:42 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppMon Utility] C:\Programme\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Epg Service] C:\Programme\InterVideo\DVDEX\TvtvEpgAcq.exe File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Programme\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audio Filter.lnk = C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342005163156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E85CD12-5740-4DFB-B998-56682244EE1C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.18 12:34:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 13:04:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.19 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.04.16 18:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari360 spider berlin
[2013.03.26 19:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Eigene Dateien\ACOUSTIC PICKUP TESTS
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 13:16:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.20 13:06:19 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.04.20 13:06:17 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.20 13:06:16 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3300159558-126359597-3874169104-1006.job
[2013.04.20 13:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.20 13:06:04 | 2145,558,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 12:20:18 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2013.04.20 11:50:13 | 000,001,035 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.04.20 11:49:56 | 000,001,025 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Dropbox.lnk
[2013.04.20 11:48:19 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 10:46:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.19 17:09:25 | 000,503,968 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.19 17:09:25 | 000,477,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.19 17:09:25 | 000,103,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.19 17:09:25 | 000,086,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.16 19:21:11 | 000,042,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 19:20:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2013.04.16 18:09:39 | 000,143,803 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.14 21:22:53 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2013.04.13 14:37:20 | 000,401,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.12 13:22:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.11 13:14:16 | 000,338,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 12:08:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 13:21:04 | 000,002,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Google Chrome.lnk
[2013.04.09 18:14:28 | 000,444,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:57 | 000,085,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:44 | 000,043,397 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.27 21:08:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2013.03.26 22:39:38 | 000,024,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.03.26 21:50:38 | 000,048,210 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Aftershow Backstage Jürgen and Me.jpg
[2013.03.25 14:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3300159558-126359597-3874169104-1006.job
 
========== Files Created - No Company Name ==========
 
[2013.04.20 11:48:16 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 11:21:54 | 2145,558,528 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.16 19:21:10 | 000,042,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 18:09:39 | 000,143,803 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.13 14:37:19 | 000,401,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.09 18:14:28 | 000,444,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:56 | 000,085,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:43 | 000,043,397 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.26 22:39:38 | 000,024,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.02.05 17:12:27 | 001,656,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.14 22:22:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.10.24 21:13:07 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 21:19:18 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.08.18 12:32:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.25 20:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2012.04.08 16:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.10.23 21:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2013.01.22 21:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion
[2009.10.23 22:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.10.23 21:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.11.24 22:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\$CUERoot$
[2013.04.20 13:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox
[2012.04.08 16:44:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\elsterformular
[2010.06.05 15:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook
[2010.08.04 23:02:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\InterVideo
[2009.10.24 21:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Ordner HP Share-to-Web
[2013.01.22 22:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Research In Motion
[2009.10.23 22:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

aharonov 20.04.2013 12:38
Ok, dann machen wir so weiter:


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und akzeptiere die Endbenutzer-Lizenz.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
    Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3
Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s
  • Schliesse bitte alle anderen Programme.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Log von OTL

Zuckerstueck 20.04.2013 13:36
Ergebnis von Schritt 1:AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 20/04/2013 um 14:29:43 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Roly - ROLAND
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Roly\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [823 octets] - [20/04/2013 14:29:43]

########## EOF - C:\AdwCleaner[S1].txt - [882 octets] ##########
--- --- ---


Combofix Logfile:
Code:
ComboFix 13-04-20.01 - Roly 20.04.2013  14:48:40.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1298 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Roly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Roly\Eigene Dateien\DPE.DUS
c:\windows\dasetup.log
c:\windows\setupapi.log
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-20 bis 2013-04-20  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 08:36 . 2006-08-18 03:24        293888        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 00:50        2031104        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2006-08-18 03:24        2152448        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2006-08-18 03:24        1867392        ----a-w-        c:\windows\system32\win32k.sys
2013-03-02 01:53 . 2006-08-18 03:24        916480        ----a-w-        c:\windows\system32\wininet.dll
2013-03-02 01:53 . 2006-08-18 03:24        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-02 01:53 . 2006-08-18 03:24        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2006-08-18 03:24        385024        ----a-w-        c:\windows\system32\html.iec
2013-03-01 09:43 . 2012-07-03 17:16        691568        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-01 09:43 . 2012-07-03 17:16        71024        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 07:56 . 2006-08-18 10:31        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56        12928        ------w-        c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-08-18 03:24        12928        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-08-18 03:24        552448        ------w-        c:\windows\system32\oleaut32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\dokumente und einstellungen\Roly\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\dokumente und einstellungen\Roly\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\dokumente und einstellungen\Roly\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\dokumente und einstellungen\Roly\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2010-05-12 268800]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-06 7561216]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2006-08-05 217088]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-01-25 52848]
"IS CfgWiz"="c:\programme\Norton Internet Security\cfgwiz.exe" [2006-01-25 120464]
"URLLSTCK.exe"="c:\programme\Norton Internet Security\UrlLstCk.exe" [2006-01-25 23168]
"SSC_UserPrompt"="c:\programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe" [2006-01-25 218240]
"AppMon Utility"="c:\programme\Sony\AppMonUtil\AppMonUtility.exe" [2006-06-22 29696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-06 127036]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Norton Ghost 10.0"="c:\programme\Norton Ghost\Agent\GhostTray.exe" [2005-10-14 1537648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-09 196608]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"VAIO Update 5"="c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe" [2011-04-20 2848144]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-04-18 421888]
"InstaLAN"="c:\programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-09-14 1501080]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RIMBBLaunchAgent.exe"="c:\programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2010-05-12 268800]
.
c:\dokumente und einstellungen\Roly\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Audio Filter.lnk - c:\programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-10-23 5649408]
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 12:51        73728        ----a-w-        c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis2\\profilemgr.exe"=
"c:\\Programme\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Programme\\T-Online\\T-Online_Software_6\\Browser\\browser.exe"=
"c:\\Programme\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Programme\\Sony\\Image Converter 2\\ImageConverter2.exe"=
"c:\\Programme\\T-Online\\T-Online_Software_6\\Notifier\\Notifier.exe"=
"c:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis2\\kernel.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Dokumente und Einstellungen\\Roly\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.09.2010 18:19 136360]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [23.10.2009 22:01 61440]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [23.10.2009 21:29 5376]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;c:\windows\system32\drivers\5U870CAP.sys [18.08.2006 05:24 75264]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [18.08.2006 05:24 754688]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [18.08.2006 05:24 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [18.08.2006 05:24 812544]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [23.10.2009 22:01 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [23.10.2009 22:01 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [23.10.2009 22:01 19200]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-31 01:05]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-31 01:05]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
- c:\dokumente und einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-02 17:30]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
- c:\dokumente und einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-02 17:30]
.
2006-08-18 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2006-08-18 16:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.vaio-link.com/vu/vu2x/index.asp?u=m&h=0407
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Epg Service - c:\programme\InterVideo\DVDEX\TvtvEpgAcq.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-20 14:53
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2013-04-20  14:55:06
ComboFix-quarantined-files.txt  2013-04-20 12:55
.
Vor Suchlauf: 10 Verzeichnis(se), 34.016.944.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 34.346.729.472 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0B7967F2B8F149A7AD6D84457486727A
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 20.04.2013 15:07:56 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Roly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,94% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 32,02 Gb Free Space | 34,38% Space Free | Partition Type: NTFS
Drive D: | 85,25 Gb Total Space | 85,18 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ROLAND | User Name: Roly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.20 10:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010.11.02 13:25:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.08.05 14:13:02 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006.06.22 16:11:18 | 000,029,696 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\AppMonUtil\AppMonUtility.exe
PRC - [2006.06.06 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.02.21 16:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
PRC - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
PRC - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.01.25 18:29:00 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
PRC - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005.12.27 13:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005.03.03 21:47:18 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004.11.17 13:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2004.08.19 02:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2004.02.20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.11 05:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002.03.14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.09.14 21:55:14 | 000,022,424 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006.10.09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2006.10.09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005.11.28 16:45:50 | 000,040,960 | ---- | M] () -- C:\Programme\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005.08.05 14:26:04 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005.08.05 14:26:04 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005.08.05 14:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005.08.05 13:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005.08.05 13:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2005.05.20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2005.03.09 21:30:28 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.12.30 10:34:56 | 001,073,152 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\vorbis.dll
MOD - [2004.12.30 10:34:00 | 000,053,248 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\ogg.dll
MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.04.11 05:19:42 | 000,024,576 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010.03.22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.06.13 08:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.06.07 09:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006.05.18 10:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006.05.18 10:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006.05.08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006.04.27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.04.27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.04.27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.01.25 18:30:00 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.01.25 18:28:00 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2006.01.25 18:26:00 | 000,072,312 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2006.01.25 18:24:00 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005.07.14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.01.20 15:12:06 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Roly\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011.07.02 07:50:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 07:50:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009.12.22 17:42:53 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.10.23 21:35:39 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.07.26 09:13:30 | 000,754,688 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2006.07.21 17:39:58 | 000,005,376 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006.06.30 10:27:00 | 000,075,264 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006.06.28 02:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006.06.28 02:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVENG.SYS -- (NAVENG)
DRV - [2006.06.06 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.06.06 05:20:00 | 000,088,444 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.06.06 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.06.06 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.06.06 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.06.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.06.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.05.26 00:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.03.17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.03.17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006.03.06 11:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.25 18:30:00 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.01.25 18:30:00 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.01.25 18:26:00 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006.01.25 18:24:00 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.01.25 18:24:00 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2005.10.18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 09:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.14 13:37:40 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005.10.14 13:37:38 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005.09.21 02:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2005.09.20 08:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 04:47:10 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004.11.22 06:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.11.01 05:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 EF E1 1B B9 3D CE 01  [binary data]
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&mkt=de-de&FORM=IE0000
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{26FF75D8-7A4C-451B-BBE7-A8CC22F0FC44}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_deDE350
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.20 14:53:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppMon Utility] C:\Programme\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Programme\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audio Filter.lnk = C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342005163156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E85CD12-5740-4DFB-B998-56682244EE1C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.18 12:34:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 14:46:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.04.20 14:44:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.04.20 14:44:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.04.20 14:44:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.04.20 14:44:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.04.20 14:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.20 14:40:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Verwaltung
[2013.04.20 14:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.04.20 14:37:13 | 005,057,575 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Roly\Desktop\ComboFix.exe
[2013.04.20 13:04:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.19 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.04.16 18:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari360 spider berlin
[2013.03.26 19:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Eigene Dateien\ACOUSTIC PICKUP TESTS
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 14:59:23 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.04.20 14:58:47 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.20 14:58:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.20 14:58:34 | 2145,558,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 14:53:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.20 14:46:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013.04.20 14:37:13 | 005,057,575 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Roly\Desktop\ComboFix.exe
[2013.04.20 14:28:18 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\adwcleaner.exe
[2013.04.20 14:20:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2013.04.20 14:16:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.20 11:50:13 | 000,001,035 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.04.20 11:49:56 | 000,001,025 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Dropbox.lnk
[2013.04.20 11:48:19 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 10:46:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.19 17:09:25 | 000,503,968 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.19 17:09:25 | 000,477,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.19 17:09:25 | 000,103,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.19 17:09:25 | 000,086,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.16 19:21:11 | 000,042,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 19:20:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2013.04.16 18:09:39 | 000,143,803 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.14 21:22:53 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2013.04.13 14:37:20 | 000,401,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.12 13:22:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.11 13:14:16 | 000,338,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 12:08:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 13:21:04 | 000,002,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Google Chrome.lnk
[2013.04.09 18:14:28 | 000,444,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:57 | 000,085,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:44 | 000,043,397 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.27 21:08:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2013.03.26 22:39:38 | 000,024,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.03.26 21:50:38 | 000,048,210 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Aftershow Backstage Jürgen and Me.jpg
 
========== Files Created - No Company Name ==========
 
[2013.04.20 14:46:38 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013.04.20 14:46:35 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.04.20 14:44:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.04.20 14:44:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.04.20 14:44:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.04.20 14:44:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.04.20 14:44:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.04.20 14:28:17 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\adwcleaner.exe
[2013.04.20 11:48:16 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 11:21:54 | 2145,558,528 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.16 19:21:10 | 000,042,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 18:09:39 | 000,143,803 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.13 14:37:19 | 000,401,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.09 18:14:28 | 000,444,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:56 | 000,085,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:43 | 000,043,397 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.26 22:39:38 | 000,024,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.02.05 17:12:27 | 001,656,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.14 22:22:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.10.24 21:13:07 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 21:19:18 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.08.18 12:32:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.25 20:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2012.04.08 16:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.10.23 21:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2013.01.22 21:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion
[2009.10.23 22:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.10.23 21:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.11.24 22:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\$CUERoot$
[2013.04.20 15:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox
[2012.04.08 16:44:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\elsterformular
[2010.06.05 15:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook
[2010.08.04 23:02:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\InterVideo
[2009.10.24 21:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Ordner HP Share-to-Web
[2013.01.22 22:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Research In Motion
[2009.10.23 22:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" >
[2006.08.18 05:24:20 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.08.18 12:37:24 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.08.18 17:51:22 | 000,000,364 | ---- | C] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009.10.25 19:52:08 | 000,001,154 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2009.10.25 19:52:08 | 000,001,206 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2010.01.26 17:20:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010.01.31 03:05:41 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.31 03:05:41 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
 
< reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s >
 
<          >

< End of report >
--- --- ---

aharonov 20.04.2013 17:36
Hallo,

wie läuft der Rechner jetzt?

Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c
  • Schliesse bitte alle anderen Programme.
  • Klicke nun auf None (deutsch "None") und danach auf den Scan Button.
  • Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.

Zuckerstueck 20.04.2013 20:10
Hallo,

ich habe weiter nichts mehr gemacht. Habe ganz brav auf weitere Anweisungen gewartet :-DOTL Logfile:
Code:
OTL logfile created on: 20.04.2013 15:07:56 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Roly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,94% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 32,02 Gb Free Space | 34,38% Space Free | Partition Type: NTFS
Drive D: | 85,25 Gb Total Space | 85,18 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ROLAND | User Name: Roly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.20 10:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010.11.02 13:25:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.08.05 14:13:02 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006.06.22 16:11:18 | 000,029,696 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\AppMonUtil\AppMonUtility.exe
PRC - [2006.06.06 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.02.21 16:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
PRC - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
PRC - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2006.01.25 18:29:00 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
PRC - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005.12.27 13:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005.03.03 21:47:18 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004.11.17 13:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2004.08.19 02:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2004.02.20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.11 05:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002.03.14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.09.14 21:55:14 | 000,022,424 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006.10.09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2006.10.09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005.11.28 16:45:50 | 000,040,960 | ---- | M] () -- C:\Programme\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005.08.05 14:26:04 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005.08.05 14:26:04 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005.08.05 14:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005.08.05 13:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005.08.05 13:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2005.05.20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2005.03.09 21:30:28 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.12.30 10:34:56 | 001,073,152 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\vorbis.dll
MOD - [2004.12.30 10:34:00 | 000,053,248 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\Mpeg\ogg.dll
MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.04.11 05:19:42 | 000,024,576 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2011.07.02 07:50:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.14 21:55:12 | 000,571,288 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010.03.22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.08.18 17:51:24 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.06.13 08:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.06.07 09:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.05.26 00:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006.05.18 10:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006.05.18 10:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006.05.08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006.04.27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.04.27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.04.27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.04.13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.04.04 14:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.02.21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.01.25 18:30:00 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006.01.25 18:30:00 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006.01.25 18:30:00 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006.01.25 18:30:00 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006.01.25 18:29:00 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006.01.25 18:29:00 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006.01.25 18:28:00 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2006.01.25 18:26:00 | 000,072,312 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2006.01.25 18:24:00 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2006.01.25 18:24:00 | 000,133,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.14 13:37:48 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005.10.14 13:37:28 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005.09.09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005.07.14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.01.20 15:12:06 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Roly\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011.07.02 07:50:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 07:50:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009.12.22 17:42:53 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.10.23 21:35:39 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.07.26 09:13:30 | 000,754,688 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2006.07.21 17:39:58 | 000,005,376 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006.06.30 10:27:00 | 000,075,264 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006.06.28 02:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2006.06.28 02:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20060628.020\NAVENG.SYS -- (NAVENG)
DRV - [2006.06.06 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.06.06 05:20:00 | 000,088,444 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.06.06 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.06.06 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.06.06 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.06.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.06.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.05.26 00:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.03.17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.03.17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006.03.06 11:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.25 18:30:00 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.01.25 18:30:00 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006.01.25 18:26:00 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006.01.25 18:24:00 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006.01.25 18:24:00 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Programme\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2005.10.18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 09:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.14 13:37:40 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005.10.14 13:37:38 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005.09.21 02:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2005.09.20 08:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 04:47:10 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004.11.22 06:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.11.01 05:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 EF E1 1B B9 3D CE 01  [binary data]
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&mkt=de-de&FORM=IE0000
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{26FF75D8-7A4C-451B-BBE7-A8CC22F0FC44}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_deDE350
IE - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.20 14:53:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Sony Corp.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppMon Utility] C:\Programme\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Programme\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audio Filter.lnk = C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300159558-126359597-3874169104-1006\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342005163156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E85CD12-5740-4DFB-B998-56682244EE1C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.18 12:34:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 14:46:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.04.20 14:44:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.04.20 14:44:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.04.20 14:44:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.04.20 14:44:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.04.20 14:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.20 14:40:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Verwaltung
[2013.04.20 14:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.04.20 14:37:13 | 005,057,575 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Roly\Desktop\ComboFix.exe
[2013.04.20 13:04:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.19 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.04.16 18:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari360 spider berlin
[2013.03.26 19:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roly\Eigene Dateien\ACOUSTIC PICKUP TESTS
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 14:59:23 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.04.20 14:58:47 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.20 14:58:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.20 14:58:34 | 2145,558,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 14:53:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.20 14:46:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013.04.20 14:37:13 | 005,057,575 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Roly\Desktop\ComboFix.exe
[2013.04.20 14:28:18 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\adwcleaner.exe
[2013.04.20 14:20:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2013.04.20 14:16:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.20 11:50:13 | 000,001,035 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.04.20 11:49:56 | 000,001,025 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Dropbox.lnk
[2013.04.20 11:48:19 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 10:46:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.19 17:09:25 | 000,503,968 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.19 17:09:25 | 000,477,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.19 17:09:25 | 000,103,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.19 17:09:25 | 000,086,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.19 16:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roly\Desktop\OTL.exe
[2013.04.16 19:21:11 | 000,042,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 19:20:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2013.04.16 18:09:39 | 000,143,803 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.14 21:22:53 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2013.04.13 14:37:20 | 000,401,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.12 13:22:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.11 13:14:16 | 000,338,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 12:08:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 13:21:04 | 000,002,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Google Chrome.lnk
[2013.04.09 18:14:28 | 000,444,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:57 | 000,085,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:44 | 000,043,397 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.27 21:08:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2013.03.26 22:39:38 | 000,024,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.03.26 21:50:38 | 000,048,210 | ---- | M] () -- C:\Dokumente und Einstellungen\Roly\Desktop\Aftershow Backstage Jürgen and Me.jpg
 
========== Files Created - No Company Name ==========
 
[2013.04.20 14:46:38 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013.04.20 14:46:35 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.04.20 14:44:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.04.20 14:44:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.04.20 14:44:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.04.20 14:44:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.04.20 14:44:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.04.20 14:28:17 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\adwcleaner.exe
[2013.04.20 11:48:16 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\2yli5or0.exe
[2013.04.20 11:21:54 | 2145,558,528 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.16 19:21:10 | 000,042,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\roly bw pose.jpg
[2013.04.16 18:09:39 | 000,143,803 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_4.jpg
[2013.04.16 18:09:35 | 000,176,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\strat_3.jpg
[2013.04.16 16:47:07 | 000,046,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\food.jpg
[2013.04.13 14:37:19 | 000,401,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\see me.png
[2013.04.09 18:14:28 | 000,444,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\ferrari 355 chiptuning.pdf
[2013.04.09 18:13:09 | 000,443,701 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\porsche carrera 4s chiptuning.pdf
[2013.04.09 18:11:51 | 000,443,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl350 chiptuning.pdf
[2013.04.09 18:10:43 | 000,444,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\sl500 chiptuning.pdf
[2013.04.09 14:38:32 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.08 11:32:56 | 000,085,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\rockerz.jpg
[2013.04.06 01:18:02 | 000,395,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\designo magno.jpg
[2013.03.27 21:59:43 | 000,043,397 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\muzos job.jpg
[2013.03.26 22:39:38 | 000,024,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Desktop\violinist incognito.jpg
[2013.02.05 17:12:27 | 001,656,816 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.14 22:22:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.10.24 21:13:07 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 21:19:18 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Roly\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.08.18 12:32:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.25 20:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2012.04.08 16:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.10.23 21:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2013.01.22 21:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion
[2009.10.23 22:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.10.23 21:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.11.24 22:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\$CUERoot$
[2013.04.20 15:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Dropbox
[2012.04.08 16:44:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\elsterformular
[2010.06.05 15:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Facebook
[2010.08.04 23:02:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\InterVideo
[2009.10.24 21:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Ordner HP Share-to-Web
[2013.01.22 22:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\Research In Motion
[2009.10.23 22:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roly\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" >
[2006.08.18 05:24:20 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.08.18 12:37:24 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006.08.18 17:51:22 | 000,000,364 | ---- | C] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009.10.25 19:52:08 | 000,001,154 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006Core.job
[2009.10.25 19:52:08 | 000,001,206 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3300159558-126359597-3874169104-1006UA.job
[2010.01.26 17:20:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010.01.31 03:05:41 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.31 03:05:41 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
 
< reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s >
 
<          >

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:24 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131