
Pests of all kinds and how to fight them: BOO/Sinowal.e


22.10.2009, 17:02   #1
stb
 



Hi.

I pulled a backup onto my PC for a friend and ran a virus scan afterwards. Unfortunately I only found out today from another friend that she has NEVER had a virus scanner or up-to-date software on her PC. In any case, I now have a BOO/Sinowal.e in the boot sectors of /c & /d.
(The last virus check was about a week earlier.)

GMER has been running for about 4 hours now, and I would actually have liked to just wipe the machine already, because I don't have the head for fighting with the PC.
My problem, though, is that there is important data on it (including the backups, among other things), and I would like to rescue it.
Without copying BOO/Sinowal.e along with it. Hence my question: what is the best way to render BOO/Sinowal.e harmless so that I can still rescue the important data?

Thanks in advance
Regards, stb


P.S. Since the trojan has somehow knocked out my gateway, I have to run everything through the laptop (USB stick, yes!)

22.10.2009, 18:12   #2
stb
 



GMER 1.0.15.15163 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-22 18:22:45
Windows 5.1.2600 Service Pack 2
Running: mi0mrs4i.bat; Driver: C:\DOKUME~1\stb\LOKALE~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAE654040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAE650930]
SSDT F7CE53D6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xAE654510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xAE65A870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xAE65AAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xAE65DFD0]
SSDT F7CE53CC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xAE654600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xAE650F20]
SSDT F7CE53DB ZwDeleteKey
SSDT F7CE53E5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xAE65A580]
SSDT sput.sys ZwEnumerateKey [0xF73FACA2]
SSDT sput.sys ZwEnumerateValueKey [0xF73FB030]
SSDT F7CE53EA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xAE650D70]
SSDT sput.sys ZwOpenKey [0xF73DC0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAE65A350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xAE65A150]
SSDT sput.sys ZwQueryKey [0xF73FB108]
SSDT sput.sys ZwQueryValueKey [0xF73FAF88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xAE65D250]
SSDT F7CE53F4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xAE653C00]
SSDT F7CE53EF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xAE654220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xAE651120]
SSDT F7CE53E0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xAE65ACD0]

INT 0x62 ? 8676CBF8
INT 0x73 ? 8676FF00
INT 0x82 ? 8676CBF8
INT 0x94 ? 86433BF8
INT 0xA4 ? 86433BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C14 12 Bytes [10, 45, 65, AE, 70, A8, 65, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 24EC 80501CE4 4 Bytes JMP F0F7CE53
? sput.sys Das System kann die angegebene Datei nicht finden. !
? srescan.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F5F757AE 5 Bytes JMP 864331D8
.text aw0lvo8n.SYS F5E83386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aw0lvo8n.SYS F5E833AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aw0lvo8n.SYS F5E833C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aw0lvo8n.SYS F5E833C9 1 Byte [2E]
.text aw0lvo8n.SYS F5E833C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
? C:\WINDOWS\TEMP\DE.tmp Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] sput.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DD13C] sput.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DD0BE] sput.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DD7FC] sput.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DD6D2] sput.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] sput.sys
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfAcquireSpinLock] 03087408
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_UCHAR] 72F93B3F
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KeGetCurrentIrql] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfRaiseIrql] 86880547
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfLowerIrql] 00001CBD
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!HalGetInterruptVector] 88084B8A
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!HalTranslateBusAddress] 001CBE8E
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KeStallExecutionProcessor] 40578B00
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfReleaseSpinLock] 8D52006A
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 001CC086
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_USHORT] B1E85000
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000021
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!WRITE_PORT_UCHAR] 001CB88E
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[WMILIB.SYS!WmiSystemControl] 8900001C
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[WMILIB.SYS!WmiCompleteRequest] 001CC48E
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)


22.10.2009, 18:16   #3
stb
 



---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

22.10.2009, 18:16   #4
Argus
 



Have you tried MSE from Microsoft yet?

Under Settings >> Advanced, tick the box for: Scan removable drives
Home >> Scan options >> Full

22.10.2009, 18:17   #5
stb
 



---- Devices - GMER 1.0.15 ----

Device 867D81F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8628B500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\00000050 84EE9B00
Device \Driver\ACPI \Device\00000043 84EE9B00
Device \Driver\usbohci \Device\USBPDO-0 864321F8
Device \Driver\ACPI \Device\00000044 84EE9B00
Device \Driver\usbohci \Device\USBPDO-1 864321F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 867DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 867DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 867DA1F8
Device \Driver\ACPI \Device\00000052 84EE9B00
Device \Driver\usbohci \Device\USBPDO-2 864321F8
Device \Driver\PCI_PNP9296 \Device\00000046 sput.sys
Device \Driver\PCI_PNP9296 \Device\00000046 sput.sys
Device \Driver\usbehci \Device\USBPDO-3 86410500
Device \Driver\ACPI \Device\00000060 84EE9B00
Device \Driver\ACPI \Device\00000061 84EE9B00
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\00000062 84EE9B00
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676D1F8
Device \Driver\{3E487EF3-162C-4B87-A283C92D853C0551} \Device\RealHardDisk0 DE.tmp
Device \Driver\ACPI \Device\00000064 84EE9B00
Device \Driver\ACPI \Device\00000058 84EE9B00
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676D1F8
Device \Driver\Cdrom \Device\CdRom0 863FA500
Device \Driver\Cdrom \Device\CdRom1 863FA500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8676C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8676C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8676C1F8
Device \Driver\ACPI \Device\00000066 84EE9B00
Device \Driver\Cdrom \Device\CdRom2 863FA500
Device \Driver\ACPI \Device\00000067 84EE9B00
Device \Driver\usbstor \Device\00000076 86291500
Device \Driver\NetBT \Device\NetBt_Wins_Export 85DE91F8
Device \Driver\ACPI \Device\0000004a 84EE9B00
Device \Driver\usbstor \Device\00000079 86291500
Device \Driver\NetBT \Device\NetbiosSmb 85DE91F8
Device \Driver\ACPI \Device\0000004c 84EE9B00
Device \Driver\ACPI \Device\0000004d 84EE9B00
Device \Driver\ACPI \Device\0000005b 84EE9B00
Device \Driver\ACPI \Device\0000004e 84EE9B00
Device \Driver\ACPI \Device\0000005c 84EE9B00
Device \Driver\ACPI \Device\0000004f 84EE9B00
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\0000005d 84EE9B00
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\0000006a 84EE9B00
Device \Driver\ACPI \Device\0000006b 84EE9B00
Device \Driver\NetBT \Device\NetBT_Tcpip_{24272A5E-6DA1-4CA2-A254-E256ABAA033A} 85DE91F8
Device \Driver\usbohci \Device\USBFDO-0 864321F8
Device \Driver\ACPI \Device\0000006c 84EE9B00
Device \Driver\usbohci \Device\USBFDO-1 864321F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85C6E1F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\usbohci \Device\USBFDO-2 864321F8
Device 85C6E1F8
Device \Driver\usbehci \Device\USBFDO-3 86410500
Device \Driver\Ftdisk \Device\FtControl 8676D1F8
Device \Driver\sptd \Device\311370546 sput.sys
Device \Driver\aw0lvo8n \Device\Scsi\aw0lvo8n1Port3Path0Target0Lun0 863CC1F8
Device \Driver\m5288 \Device\Scsi\m52881Port2Path0Target0Lun0 867D91F8
Device \Driver\m5288 \Device\Scsi\m52881 867D91F8
Device \Driver\aw0lvo8n \Device\Scsi\aw0lvo8n1 863CC1F8
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0xB0 0x54 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0x8A 0x9E 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x0A 0x17 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0xB0 0x54 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0x8A 0x9E 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x3D 0xA4 0x87 ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\Bild 015.jpg 1345746 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\Bild 017.jpg 1528504 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail 0 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\01-t.i.-56_barz.mp3 3179803 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\02-t.i.-im_illy.mp3 4434824 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\03-t.i.-ready_for_whatever.mp3 5567395 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\04-t.i.-on_top_of_the_world_(ft._ludacris_and_b.o.b).mp3 5352708 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\05-t.i.-live_your_life_(ft._rihanna).mp3 5479914 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\06-t.i.-whatever_you_like.mp3 4840010 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\07-t.i.-no_matter_what.mp3 5076882 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\08-t.i.-my_life_your_entertainment_(ft._usher).mp3 6297011 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\09-t.i.-porn_star.mp3 3650400 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\10-t.i.-swing_ya_rag_(ft._swizz_beatz).mp3 3235998 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\11-t.i.-what_up_whats_haapnin.mp3 3707904 bytes

---- EOF - GMER 1.0.15 ----


22.10.2009, 18:24   #6
stb

Quote:
Quote from Argus
Have you tried MSE from Microsoft yet?

Under Settings >> Advanced, tick: Scan removable drives
Home >> Scan options >> Full

No, I haven't yet; honestly, I don't know it either.
I'll try it out right away, thanks.

22.10.2009, 18:33   #7
stb

The problem with MSE is that I need a working internet connection to update it, and, as already mentioned in the first post, I don't have one. So MSE is no use to me right now.

22.10.2009, 18:39   #8
Argus

What do you mean by that
Quote:
(USB-Stick yes!)
or burn MSE to a CD-R

22.10.2009, 18:51   #9
stb

Quote:
Quote from Argus
What do you mean by that

or burn MSE to a CD-R

By that I mean that I download the stuff on the laptop (which has no burner and is an old ******* box) and move it to my PC by USB stick.

Because, as already mentioned, I have no internet connection because of the trojan.
(It may well be that this is a security setting of AntiVir (which I used to detect the trojan) so that the data recorded so far is not transmitted to the net.)

22.10.2009, 18:52   #10
Argus

Also download this standalone scanner: VIPRERescue5463.exe

Info at Sunbelt

This scanner is up to date, so it needs no updates via the internet

22.10.2009, 18:56   #11
Argus

Edited by Argus (22.10.2009 at 19:48)

22.10.2009, 19:00   #12
Larusso
/// Selecta Jahrusso

edit
Your thread
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie

Edited by Larusso (22.10.2009 at 19:21)

22.10.2009, 19:17   #13
Argus

Edited by Argus (22.10.2009 at 19:49)

22.10.2009, 19:29   #14
stb

Code:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x012A14C00 
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
         
Code:
OTL logfile created on: 22.10.2009 20:11:20 - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = C:\Dokumente und Einstellungen\stb\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,23 Mb Total Physical Memory | 397,11 Mb Available Physical Memory | 38,81% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,96 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 21,15 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.10.19 11:23:15 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\OpenOffice.org
[2009.09.28 20:13:39 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\vlc
[2009.10.01 23:39:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\Chromium
[2009.10.19 12:21:27 | 00,000,000 | ---D | C] -- C:\Programme\LEGO Media
[2009.10.04 11:57:15 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft
[2009.10.22 19:30:16 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2009.10.19 11:11:32 | 00,000,000 | ---D | C] -- C:\Programme\OpenOffice
[2009.10.01 23:39:12 | 00,000,000 | ---D | C] -- C:\Programme\SRWare Iron
[2009.10.22 18:45:38 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.10.22 20:09:19 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stb\Desktop\OTL.exe
[2009.10.22 19:28:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.10.22 16:17:19 | 00,000,000 | ---D | C] -- C:\gmer
[2009.10.22 16:16:48 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Desktop\samuel
[2009.10.20 14:16:47 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Eigene Dateien\FACHARBEIT
[2009.10.18 23:51:48 | 00,000,000 | R-SD | C] -- C:\Dokumente und Einstellungen\stb\Eigene Dateien\My Stationery
[2009.10.05 19:27:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Eigene Dateien\photoshopbrushes
[2009.10.01 19:31:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stb\Eigene Dateien\e-Sword
[2004.11.24 20:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOOF\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009.10.22 20:09:29 | 51,877,920 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.10.22 20:02:34 | 00,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\stb\Desktop\mbr.exe
[2009.10.22 20:00:02 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stb\Desktop\OTL.exe
[2009.10.22 19:35:46 | 00,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.10.22 19:30:20 | 00,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2009.10.22 19:27:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.22 18:45:39 | 00,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\stb\Desktop\HijackThis.lnk
[2009.10.22 15:36:59 | 01,605,632 | ---- | M] () -- C:\Dokumente und Einstellungen\stb\Desktop\save it.iso
[2009.10.22 13:50:30 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.10.22 13:50:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.10.22 13:50:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009.10.22 13:45:53 | 00,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.10.22 13:45:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.22 13:45:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.22 13:45:24 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009.10.22 13:45:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009.10.22 02:33:27 | 00,616,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.10.21 23:43:43 | 00,025,216 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.20 04:10:11 | 03,172,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.10.19 11:56:25 | 01,444,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.19 11:26:40 | 00,030,176 | ---- | M] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.10.15 20:16:52 | 00,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.15 19:38:17 | 00,079,360 | ---- | M] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.01 23:39:21 | 00,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SRWare Iron.lnk
[2009.09.25 17:58:04 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files - No Company Name ==========
[2009.10.22 20:09:19 | 00,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Desktop\mbr.exe
[2009.10.22 19:35:46 | 00,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.10.22 19:30:20 | 00,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2009.10.22 18:45:39 | 00,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Desktop\HijackThis.lnk
[2009.10.22 15:36:58 | 01,605,632 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Desktop\save it.iso
[2009.10.21 23:43:43 | 00,025,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.15 20:16:56 | 12,858,932 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Desktop\parteeey 003.AVI
[2009.10.01 23:39:21 | 00,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SRWare Iron.lnk
[2009.09.15 17:12:28 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.09.06 02:05:22 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.07.14 10:57:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009.05.12 18:44:51 | 00,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\setup.log
[2009.05.12 18:44:40 | 00,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\setup_ldm.iss
[2009.03.20 13:23:16 | 00,000,143 | -H-- | C] () -- C:\WINDOWS\System32\CTLSW.INI
[2009.03.20 13:23:16 | 00,000,134 | ---- | C] () -- C:\WINDOWS\System32\swctl.dll
[2009.01.23 17:45:09 | 00,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.01.23 17:45:09 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.12.14 22:49:49 | 00,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.12.11 17:41:49 | 00,079,360 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.02 16:39:45 | 00,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.30 18:03:51 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.11.30 15:58:24 | 03,348,743 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\NMM-MetaData.db
[2008.11.30 13:57:09 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2008.11.30 13:57:09 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2008.11.30 13:56:42 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008.11.30 13:53:17 | 00,030,176 | ---- | C] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2008.11.30 13:30:38 | 03,172,304 | -H-- | C] () -- C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008.11.30 13:28:29 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\stb\Anwendungsdaten\desktop.ini
[2008.11.30 13:09:06 | 00,271,264 | ---- | C] () -- C:\WINDOOF\System32\vbrun100.dll
[2008.11.30 13:02:47 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2008.11.21 23:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.11.09 18:42:17 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.01.15 03:31:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007.03.17 20:07:09 | 01,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll
[2007.03.17 20:07:08 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll
[2006.06.26 11:33:40 | 00,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005.12.07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004.10.03 18:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.08.18 13:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.08.18 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
< End of report >
         

22.10.2009, 19:31   #15
stb

Code:
OTL Extras logfile created on: 22.10.2009 20:11:20 - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = C:\Dokumente und Einstellungen\stb\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,23 Mb Total Physical Memory | 397,11 Mb Available Physical Memory | 38,81% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 4,96 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 21,15 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STB
Current User Name: stb
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOOF\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe" = C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe:*:Enabled:AVM FRITZ!Box Kindersicherung -- (AVM Berlin)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe" = C:\Dokumente und Einstellungen\stb\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 Premium
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{957645C3-8003-465B-839E-AFF5A5824B35}" = e-Sword
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A47AFECA-7F0F-471A-82A3-68DEB673A311}" = AVM FRITZ!Box-Kindersicherung
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}" = ULi Sata Driver
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIMP2" = AIMP2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE7" = Internet Explorer 7
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"QcDrv" = Logitech® Camera-Treiber
"Skype_is1" = Skype 2.5
"Steam App 10" = Counter-Strike
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Presentation Foundation Language Pack (DEU)" = Windows Presentation Foundation Language Pack (DEU)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
"ZoneAlarm" = ZoneAlarm
         

Edited by stb (22.10.2009 at 19:49)
