Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA-Trojaner: Log Prüfung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.06.2011, 21:39   #1
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hallo trojaner-board Community!

Eine Freundin von mir hat sich auch den BKA-Trojaner eingeholt und ich helfe ihr, ihren Rechner wieder sauber zu kriegen. Ich habe die Rescue Disk 10 von Kaspersky benutzt, somit konnte ich sämtliche Dateien löschen und mindestens wieder den Rechner benutzen.

Ich habe mir den Post unter diesem Link angeschaut:
http://www.trojaner-board.de/97820-b...-pruefung.html

Ich habe schon Java 6 update 26 heruntergeladen, sowie die letzte Version von Adobe Reader, die X.

Hier mein Log mit MBAM (mbam-log-2011-06-25 (20-53-27)):
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Datenbank Version: 6948
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
25/06/2011 20:53:27
mbam-log-2011-06-25 (20-53-27).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 348858
Laufzeit: 1 Stunde(n), 12 Minute(n), 9 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\dokumente und einstellungen\user1\anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\user2\favoriten\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
         
Vielen Dank im voraus für die Hilfe

Ich poste schon mal die mit ccleaner erstellte Liste meiner Programme:

Code:
ATTFilter
Adobe Acrobat  7.0 Elements - Deutsch    Adobe Systems    7.0.0
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    10.0.22.87
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    10.3.181.26
Adobe Flash Player 9 ActiveX    Adobe Systems    9
Adobe Photoshop Elements 4.0    Adobe Systems, Inc.    4.0
Adobe Reader 9.4.5 - Deutsch    Adobe Systems Incorporated    9.4.5
Advanced Video FX Engine        
AliceHilfe        1.0.0.1
ANY_WAY photo    Olivetti S.p.A.    1.00.0205
Apple Application Support    Apple Inc.    1.4.1
Apple Mobile Device Support    Apple Inc.    3.3.1.3
Apple Software Update    Apple Inc.    2.1.1.116
ArcSoft Panorama Maker 3.0        
ArcSoft PhotoImpression 5    ArcSoft    
Avira AntiVir Personal - Free Antivirus    Avira GmbH    
Bonjour    Apple Inc.    2.0.4.0
CCleaner    Piriform    3.07
Companion Suite IH        1.1.2
CompEat Pro        
Creative Live! Cam Center        
Creative Live! Cam Manager        
Creative Live! Cam Video IM Driver (1.00.07.00)        
Creative Photo Manager        
Creative System Information        
DivX Setup    DivX, LLC    2.3.1.2
DVgate Plus        
FotoStation Easy        
Google Earth    Google    5.2.1.1588
HDAUDIO SoftV92 Data Fax Modem with SmartCP        
High Definition Audio Driver Package - KB835221    Microsoft Corporation    20040219.000000
HijackThis 1.99.1    Soeperman Enterprises Ltd.    1.99.1
Image Converter 2 Plus    Sony Corporation    2.2.01
Intel(R) PRO Network Connections Drivers        
Intel(R) PROSet/Wireless Software    Intel Corporation    
InterVideo WinDVD for VAIO    InterVideo Inc.    5.0-B11.739
iPhone Configuration Utility    Apple Inc.    2.1.0.163
iTunes    Apple Inc.    10.1.2.17
Java(TM) 6 Update 26    Oracle    6.0.260
LAN-Express AS IEEE 802.11 Wireless LAN        
LiveUpdate 2.6 (Symantec Corporation)    Symantec Corporation    2.6.14.0
Malwarebytes' Anti-Malware Version 1.51.0.1200    Malwarebytes Corporation    1.51.0.1200
Memory Stick Formatter        
Microsoft .NET Framework 2.0 Language Pack - DEU    Microsoft Corporation    
Microsoft .NET Framework 2.0 Service Pack 2    Microsoft Corporation    2.2.30729
Microsoft .NET Framework 3.0 German Language Pack    Microsoft Corporation    
Microsoft .NET Framework 3.0 Service Pack 2    Microsoft Corporation    3.2.30729
Microsoft .NET Framework 3.5 SP1    Microsoft Corporation    
Microsoft Compression Client Pack 1.0 for Windows XP    Microsoft Corporation    1
Microsoft Office XP Professional mit FrontPage    Microsoft Corporation    10.0.4330.0
Microsoft SQL Server Desktop Engine (VAIO_VEDB)    Microsoft Corporation    8.00.761
Microsoft User-Mode Driver Framework Feature Pack 1.0    Microsoft Corporation    
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    8.0.56336
Microsoft Works    Microsoft Corporation    08.04.0702
Mobile Partner Manager    ZTE Corporation    1.0.0.1
MobileMe Control Panel    Apple Inc.    3.0.0.101
Mozilla Firefox (3.6)    Mozilla    3.6 (de)
MSXML        
MSXML 4.0 SP2 (KB927978)    Microsoft Corporation    4.20.9841.0
MSXML 4.0 SP2 (KB936181)    Microsoft Corporation    4.20.9848.0
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    4.20.9876.0
MSXML 6 Service Pack 2 (KB973686)    Microsoft Corporation    6.20.2003.0
Nikon View 5        
NVIDIA Drivers        
OpenMG Limited Patch 4.3-05-10-05-01        
OpenMG Secure Module 4.3.00    Sony Corporation    4.3.00.08302
QuickTime    Apple Inc.    7.69.80.9
RealPlayer    RealNetworks    
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    1.92
Roxio DigitalMedia Audio    Roxio    2.0.4
Roxio DigitalMedia Copy    Roxio    2.0.4
Roxio DigitalMedia Data    Roxio    2.0.4
Setting Utility Series        
SightSpeed (remove only)    SightSpeed Inc.    6.0 (6071)
Skype Toolbars    Skype Technologies S.A.    1.0.4051
Skype™ 5.0    Skype Technologies S.A.    5.0.152
Sonic UDF Reader    Sonic Solutions    5.2.1
SonicStage Mastering Studio 2.1        
SonicStage Mastering Studio Audio Filter        
SonicStage Mastering Studio Audio Filter Custom Preset        
SonicStage Mastering Studio Plugins        
Sony Ericsson Media Manager 1.2    Sony Ericsson    1.2.610
Sony MP4 Shared Library    Sony Corporation    2.0
SONY Photosizetool    Colorplaza SA    1.0.2.1
Sony Picture Utility    Sony Corporation    2.0.03.13170
Sony USB Driver    Sony Corporation    2.00
Sony USB Mouse        
Sony Utilities DLL        
Sony Video Shared Library    Sony Corporation    2.0.01
Spybot - Search & Destroy 1.4    Safer Networking Limited    1.4
T-DSL SpeedManager        
VAIO Control Center        
VAIO Edit Components 6.0    Sony Corporation    6.0
VAIO Entertainment Platform    Sony Corporation    1.3.20.10060
VAIO Event Service    Sony Corporation    2.2.00.06130
VAIO Long Battery Life Wallpaper        
VAIO Media 5.0    Sony Corporation    5.0.00
VAIO Media AC3 Decoder 1.0        
VAIO Media Integrated Server 5.0    Sony Corporation    
VAIO Media Redistribution 5.0    Sony Corporation    5.0.00
VAIO Media Registration Tool 5.0    Sony Corporation    5.0.00
VAIO Original Screen Saver        
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents        
VAIO Power Management    Sony Corporation    1.7.01.10190
VAIO Product Survey    Sony Corporation    1.1.2.1
VAIO Sea Wallpaper        
VAIO Starfish Wallpaper        
VAIO Update 2        
VAIO-Online-Registrierung (Deutsch)    Sony Corporation    4.6.0.0
VideoLAN VLC media player 0.8.5    VideoLAN Team    0.8.5
Windows Internet Explorer 8    Microsoft Corporation    20090308.140743
Windows Media Format 11 runtime        
Windows Media Player 11        
Windows Media Player Firefox Plugin    Microsoft Corp    1.0.0.8
Windows XP Service Pack 3    Microsoft Corporation    20080414.031514
WinRAR Archivierer        
Wireless LAN Starter
         

Alt 26.06.2011, 13:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 26.06.2011, 13:44   #3
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
vielen Dank für die Antwort.

Muss ich bei OTL auch die Optionen "Scan all users", "LOP check" und "Purity check" aktivieren?
__________________

Alt 26.06.2011, 14:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Ja ruhig aktivieren

Alt 26.06.2011, 14:24   #5
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
hier ist mein OTL Log.

Vielen Dank

Code:
ATTFilter
OTL logfile created on: 26/06/2011 14:46:52 - Run 2
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Dokumente und Einstellungen\user1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
 
1022.42 Mb Total Physical Memory | 618.57 Mb Available Physical Memory | 60.50% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46.57 Gb Total Space | 24.62 Gb Free Space | 52.87% Space Free | Partition Type: NTFS
Drive D: | 39.60 Gb Total Space | 12.84 Gb Free Space | 32.43% Space Free | Partition Type: NTFS
 
Computer Name: NAME-467835018E | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe
PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
PRC - [2010/07/16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
PRC - [2009/09/09 12:21:11 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2008/11/24 21:39:37 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/11/24 21:39:35 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/07/19 14:49:12 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/06/09 01:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2006/05/16 03:00:00 | 000,028,672 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0220Mon.exe
PRC - [2006/01/03 15:23:56 | 000,094,208 | ---- | M] (Olivetti) -- C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe
PRC - [2006/01/03 11:36:32 | 000,069,632 | ---- | M] (Olivetti) -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe
PRC - [2005/10/19 23:07:34 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/10/11 22:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2003/11/07 10:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2003/02/26 04:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2002/03/14 17:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe
MOD - [2008/04/14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/11/24 21:39:37 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/11/24 21:39:35 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2006/01/03 11:36:32 | 000,069,632 | ---- | M] (Olivetti) [Auto | Running] -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe -- (olMntrService)
SRV - [2005/10/11 15:04:44 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 13:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 13:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 13:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 15:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 16:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 15:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 15:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 20:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/07/08 02:12:54 | 000,466,944 | ---- | M] (Sagem) [On_Demand | Stopped] -- C:\WINDOWS\System32\sgbxcoms.exe -- (sgbx_device)
SRV - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/02/25 21:45:00 | 000,992,864 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/01/04 12:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)
SRV - [2004/07/14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe -- (TSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/18 12:21:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/17 12:31:42 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009/06/13 19:48:23 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/13 19:48:22 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007/11/02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007/11/02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007/11/02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007/11/02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007/11/02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007/11/02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007/06/19 09:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 09:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 09:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 09:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 09:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2006/08/20 10:09:54 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/05/24 10:55:30 | 000,145,472 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/03/24 10:24:32 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/11 21:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/07/08 02:52:14 | 000,010,240 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbItf.sys -- (UsbItf)
DRV - [2005/07/08 02:33:08 | 000,031,784 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HttpUsb.sys -- (HttpUsb)
DRV - [2005/06/29 07:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/23 03:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 03:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 03:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/03 08:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/04/30 17:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/02/25 21:45:00 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/11 00:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2004/03/11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)
DRV - [2003/09/29 06:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/10/15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)
DRV - [1999/09/10 13:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mlb.com/
IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 21:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 21:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/03/16 20:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/25 22:06:31 | 000,000,000 | ---D | M]
 
[2008/07/28 14:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Extensions
[2011/06/25 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions
[2009/09/02 09:42:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/01 15:28:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\moveplayer@movenetworks.com
[2008/10/25 09:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\toolbar_extras@de.yahoo.com
[2011/06/25 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/08/15 09:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/25 21:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/11/09 17:30:58 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2011/03/16 21:44:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/16 21:44:45 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/06/25 21:53:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/25 21:53:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/16 10:53:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/16 10:53:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/16 10:53:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/16 10:53:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/16 10:53:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/02 16:33:11 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OlStatusMon] C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007..\Run: [Creative Live! Cam Manager] C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Yahoo! Widget Engine.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 195.50.140.180
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 12:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell - "" = AutoRun
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000 begin_of_the_skype_highlighting**************056-444553540000******end_of_the_skype_highlighting} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Gemeinsame Dateien\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/26 14:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/25 22:04:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/25 21:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011/06/25 21:45:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Desktop\Repair logs
[2011/06/25 21:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011/06/25 21:09:39 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe
[2011/06/25 19:37:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Malwarebytes
[2011/06/25 19:37:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/06/25 19:37:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 19:37:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/06/25 19:37:00 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 19:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/06/25 19:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/25 18:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/25 18:48:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/25 18:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/26 13:57:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 13:57:19 | 000,022,745 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/26 13:56:42 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 13:56:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 13:56:27 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 00:22:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/06/25 23:56:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 22:12:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe
[2011/06/25 22:06:31 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2011/06/25 21:42:21 | 000,475,180 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/06/25 21:42:21 | 000,328,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/25 21:42:21 | 000,091,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/06/25 21:42:21 | 000,076,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 21:35:11 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe
[2011/06/25 19:26:11 | 000,316,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 18:53:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/25 22:12:52 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe
[2011/06/25 22:06:31 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2011/06/25 22:06:31 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2011/06/25 21:35:11 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011/06/25 21:29:35 | 000,030,259 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Desktop\hjtscanlist.bat
[2011/06/25 19:26:45 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Outlook Express.lnk
[2011/06/25 10:39:18 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/09 22:50:41 | 000,036,352 | ---- | C] () -- C:\WINDOWS\Sx32w.dll
[2010/08/15 09:43:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/07 23:29:49 | 000,056,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/06 23:13:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/04 21:36:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/05/16 17:14:16 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/09/11 18:58:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\sgbxvs.dll
[2006/09/11 18:58:39 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\sgbxplc.ini
[2006/09/11 18:58:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sgbxjswr.dll
[2006/09/11 18:58:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sgbxinsr.dll
[2006/09/11 18:58:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sgbxcfg.dll
[2006/09/11 18:58:37 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\sgbxutil.dll
[2006/09/11 18:58:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sgbxcur.dll
[2006/09/11 18:58:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\sgbxinsb.dll
[2006/09/11 18:58:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\sgbxins.dll
[2006/09/11 18:58:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\sgbxcub.dll
[2006/09/11 18:58:34 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sgbxcu.dll
[2006/09/06 21:18:24 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/09/02 16:40:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/08/20 10:13:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2006/08/06 21:31:51 | 000,000,223 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/03 10:46:08 | 000,001,778 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006/08/01 15:08:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
[2006/04/22 00:49:10 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/20 22:51:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/03/01 18:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/01 18:24:20 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/01 18:24:09 | 000,003,880 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/24 16:21:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/02/24 15:40:52 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\wklnhst.dat
[2006/02/24 15:31:09 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005/12/23 04:47:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/23 04:37:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/12/23 04:34:52 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/22 10:49:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/21 17:53:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/21 17:53:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/21 17:53:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/21 17:53:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/21 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/11/21 16:10:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2005/11/21 14:40:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/21 13:11:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/21 12:48:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/21 12:44:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/21 12:39:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/21 12:38:43 | 000,316,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/21 04:33:30 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/21 04:33:15 | 000,475,180 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005/11/21 04:33:15 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2005/11/21 04:33:15 | 000,091,464 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005/11/21 04:33:15 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2005/11/21 04:32:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/21 04:32:55 | 000,328,326 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/21 04:32:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/21 04:32:55 | 000,076,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/21 04:32:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/21 04:32:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/21 04:32:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/21 04:32:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/21 04:32:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/21 04:32:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/21 04:32:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/21 04:32:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
 
========== LOP Check ==========
 
[2006/08/21 12:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011/06/25 19:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2006/03/13 21:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2008/07/31 21:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2006/07/13 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2006/07/16 14:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010/04/08 10:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 11:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/03 10:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\T-DSL SpeedManager
[2006/08/01 15:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\Nikon
[2006/07/31 13:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\T-DSL SpeedManager
[2006/02/27 18:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\Template
[2006/05/10 21:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony
[2011/03/06 23:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AliceHilfe
[2009/12/03 21:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\CoSoSys
[2011/03/16 21:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DDMSettings
[2006/04/30 20:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\InterVideo
[2006/02/24 16:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Leadertech
[2006/02/26 23:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller
[2006/08/02 08:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Nikon
[2006/02/26 21:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Opera
[2008/07/30 16:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\ScanSoft
[2008/08/01 12:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony
[2006/07/13 21:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\T-DSL SpeedManager
[2010/11/30 12:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\TeamViewer
[2006/02/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Template
[2006/02/24 21:41:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\WEBDE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2007/01/21 13:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Microsoft
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/08/24 21:43:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Adobe
[2006/02/24 18:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AdobeUM
[2011/03/06 23:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AliceHilfe
[2009/09/23 14:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Apple Computer
[2007/03/16 23:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Arcsoft
[2009/12/03 21:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\CoSoSys
[2006/12/11 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Creative
[2011/03/16 21:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DDMSettings
[2011/03/16 21:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DivX
[2006/04/22 21:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Google
[2006/03/11 20:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Help
[2005/11/21 12:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Identities
[2006/04/30 20:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\InterVideo
[2009/09/07 23:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Lavasoft
[2006/02/24 16:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Leadertech
[2006/02/24 18:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia
[2011/06/25 19:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Malwarebytes
[2010/01/09 12:12:29 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft
[2009/06/01 15:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Move Networks
[2008/07/28 14:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla
[2006/02/26 23:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller
[2007/01/04 14:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MySpace
[2006/08/02 08:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Nikon
[2006/02/26 21:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Opera
[2006/02/26 18:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\PC Tools
[2009/09/09 12:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real
[2007/02/08 17:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Reallusion
[2008/07/30 16:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\ScanSoft
[2011/03/13 22:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Skype
[2011/03/13 20:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\skypePM
[2006/02/24 16:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sonic
[2008/08/01 12:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony
[2008/08/04 21:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sony Corporation
[2006/03/05 22:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sun
[2006/02/24 16:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Symantec
[2006/07/13 21:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\T-DSL SpeedManager
[2010/11/30 12:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\TeamViewer
[2006/02/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Template
[2009/07/28 17:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\U3
[2006/08/03 23:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\vlc
[2006/02/24 21:41:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\WEBDE
 
< %APPDATA%\*.exe /s >
[2009/04/09 21:21:38 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009/06/30 20:13:25 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008/05/25 13:07:27 | 000,065,024 | R--- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Installer\{05920D61-7B23-47ED-A3F5-6B1936A95AE0}\Icon05920D61.exe
[2006/02/26 23:19:49 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller\msnauins.exe
[2007/01/21 13:05:52 | 003,112,792 | ---- | M] (MySpace Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MySpace\IM\Install\MSIMClientSetup.1.0.595.0-static.exe
[2010/07/03 06:32:00 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.10\setup.exe
[2011/01/11 00:12:11 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.13\setup.exe
[2011/02/28 16:29:33 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.14\setup.exe
[2005/02/13 18:22:00 | 001,178,540 | ---- | M] (Sony ITE                                                                                                                                                                                                                 ) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\npm.exe
[2005/10/10 22:12:00 | 003,933,908 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_de.exe
[2005/10/10 22:12:00 | 003,943,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_en.exe
[2005/10/10 22:12:00 | 003,939,540 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_es.exe
[2005/10/10 22:12:00 | 003,942,068 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_fr.exe
[2005/10/10 22:12:00 | 003,938,964 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_it.exe
[2005/10/10 22:08:00 | 003,942,708 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_nl.exe
[2005/10/10 22:06:00 | 003,357,076 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_de.exe
[2005/10/10 22:07:00 | 003,362,060 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_en.exe
[2005/10/10 22:07:00 | 003,355,524 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_es.exe
[2005/10/10 22:07:00 | 003,356,780 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_fr.exe
[2005/10/10 22:07:00 | 003,356,484 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_it.exe
[2005/10/10 22:06:00 | 003,357,324 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_nl.exe
[2004/12/01 11:00:00 | 000,405,504 | ---- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\tools\PcName.exe
[2005/10/13 13:16:26 | 001,922,580 | ---- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\update\update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2005/03/22 14:55:24 | 000,200,767 | ---- | M] () -- C:\ul_format.exe
[2005/03/14 23:52:48 | 000,049,152 | ---- | M] () -- C:\ul_install.exe
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,782,319 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,782,319 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\eventlog.dll
[2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netlogon.dll
[2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll
[2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\user32.dll
[2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe
[2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2004/08/14 01:07:41 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=4C5B48AB9179DE15A7B6A48DC8E56121 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe
[2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005/11/21 13:38:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/11/21 13:38:19 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/11/21 13:38:19 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         


Alt 26.06.2011, 14:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 12:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell - "" = AutoRun
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> BKA-Trojaner: Log Prüfung

Alt 26.06.2011, 14:53   #7
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
schön, dass Ihr da seid!

Hier ist das OTL Fix Log:

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171d76ac-b81e-11da-a1a4-00166f36ca77}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.1 log created on 06262011_155055
         

Alt 26.06.2011, 14:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Alt 26.06.2011, 15:03   #9
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
hier das TDSSKiller Log.

Code:
ATTFilter
2011/06/26 16:00:44.0500 2420	TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 16:00:44.0781 2420	================================================================================
2011/06/26 16:00:44.0781 2420	SystemInfo:
2011/06/26 16:00:44.0781 2420	
2011/06/26 16:00:44.0781 2420	OS Version: 5.1.2600 ServicePack: 3.0
2011/06/26 16:00:44.0781 2420	Product type: Workstation
2011/06/26 16:00:44.0781 2420	ComputerName: NAME-467835018E
2011/06/26 16:00:44.0781 2420	UserName: user1
2011/06/26 16:00:44.0781 2420	Windows directory: C:\WINDOWS
2011/06/26 16:00:44.0781 2420	System windows directory: C:\WINDOWS
2011/06/26 16:00:44.0781 2420	Processor architecture: Intel x86
2011/06/26 16:00:44.0781 2420	Number of processors: 1
2011/06/26 16:00:44.0781 2420	Page size: 0x1000
2011/06/26 16:00:44.0781 2420	Boot type: Normal boot
2011/06/26 16:00:44.0781 2420	================================================================================
2011/06/26 16:00:46.0531 2420	Initialize success
2011/06/26 16:01:02.0125 3516	================================================================================
2011/06/26 16:01:02.0125 3516	Scan started
2011/06/26 16:01:02.0125 3516	Mode: Manual; 
2011/06/26 16:01:02.0125 3516	================================================================================
2011/06/26 16:01:05.0250 3516	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/26 16:01:05.0312 3516	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/26 16:01:05.0406 3516	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/26 16:01:05.0500 3516	AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/26 16:01:05.0562 3516	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/06/26 16:01:05.0781 3516	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/26 16:01:05.0984 3516	ApfiltrService  (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/06/26 16:01:06.0093 3516	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/26 16:01:06.0234 3516	Aspi32          (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/06/26 16:01:06.0312 3516	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/26 16:01:06.0500 3516	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/26 16:01:06.0562 3516	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/26 16:01:06.0625 3516	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/26 16:01:06.0718 3516	avgio           (87828ecd657f81503465ac705e845076) C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
2011/06/26 16:01:06.0765 3516	avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
2011/06/26 16:01:06.0859 3516	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/26 16:01:07.0093 3516	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/26 16:01:07.0140 3516	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/26 16:01:07.0234 3516	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/26 16:01:07.0312 3516	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/26 16:01:07.0375 3516	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/26 16:01:07.0609 3516	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/26 16:01:07.0687 3516	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/26 16:01:07.0843 3516	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/26 16:01:07.0906 3516	DLABOIOM        (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/26 16:01:07.0968 3516	DLACDBHM        (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/26 16:01:08.0156 3516	DLADResN        (3a05973a21dd001dd1f87186e2ade343) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/06/26 16:01:08.0218 3516	DLAIFS_M        (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/26 16:01:08.0281 3516	DLAOPIOM        (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/26 16:01:08.0328 3516	DLAPoolM        (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/26 16:01:08.0406 3516	DLARTL_N        (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/06/26 16:01:08.0484 3516	DLAUDFAM        (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/26 16:01:08.0531 3516	DLAUDF_M        (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/26 16:01:08.0625 3516	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/26 16:01:08.0843 3516	DMICall         (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/06/26 16:01:08.0921 3516	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/26 16:01:09.0000 3516	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/26 16:01:09.0078 3516	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/26 16:01:09.0187 3516	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/26 16:01:09.0375 3516	DRVMCDB         (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/26 16:01:09.0421 3516	DRVNDDM         (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/26 16:01:09.0500 3516	E100B           (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/26 16:01:09.0593 3516	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/26 16:01:09.0671 3516	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/26 16:01:09.0875 3516	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/26 16:01:09.0906 3516	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/26 16:01:09.0968 3516	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/26 16:01:10.0062 3516	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/26 16:01:10.0125 3516	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/26 16:01:10.0203 3516	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/26 16:01:10.0421 3516	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/26 16:01:10.0515 3516	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/26 16:01:10.0593 3516	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/26 16:01:10.0718 3516	HSFHWAZL        (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/26 16:01:10.0921 3516	HSF_DPV         (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/26 16:01:11.0062 3516	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/26 16:01:11.0171 3516	HttpUsb         (69f407c9f2cfde930a9cafcfc8aac5a3) C:\WINDOWS\system32\Drivers\HttpUsb.sys
2011/06/26 16:01:11.0406 3516	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/26 16:01:11.0515 3516	ialm            (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/26 16:01:11.0625 3516	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/26 16:01:11.0984 3516	IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/26 16:01:12.0281 3516	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/26 16:01:12.0359 3516	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/26 16:01:12.0437 3516	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/26 16:01:12.0515 3516	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/26 16:01:12.0578 3516	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/26 16:01:12.0781 3516	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/26 16:01:12.0875 3516	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/26 16:01:12.0953 3516	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/26 16:01:13.0015 3516	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/26 16:01:13.0093 3516	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/26 16:01:13.0281 3516	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/26 16:01:13.0359 3516	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/26 16:01:13.0484 3516	LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
2011/06/26 16:01:13.0593 3516	massfilter      (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
2011/06/26 16:01:13.0671 3516	mdmxsdk         (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/26 16:01:13.0859 3516	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/26 16:01:13.0953 3516	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/26 16:01:14.0046 3516	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/26 16:01:14.0171 3516	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/26 16:01:14.0609 3516	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/26 16:01:14.0718 3516	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/26 16:01:14.0812 3516	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/26 16:01:15.0031 3516	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/26 16:01:15.0125 3516	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/26 16:01:15.0218 3516	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/26 16:01:15.0281 3516	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/26 16:01:15.0359 3516	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/26 16:01:15.0562 3516	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/26 16:01:15.0640 3516	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/26 16:01:15.0734 3516	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/26 16:01:15.0843 3516	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/26 16:01:16.0015 3516	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/26 16:01:16.0062 3516	Ndisprot        (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
2011/06/26 16:01:16.0140 3516	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/26 16:01:16.0218 3516	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/26 16:01:16.0265 3516	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/26 16:01:16.0328 3516	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/26 16:01:16.0406 3516	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/26 16:01:16.0578 3516	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/26 16:01:16.0656 3516	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/26 16:01:16.0765 3516	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/26 16:01:16.0843 3516	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/26 16:01:17.0109 3516	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/26 16:01:17.0281 3516	nv              (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/26 16:01:17.0546 3516	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/26 16:01:17.0609 3516	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/26 16:01:17.0703 3516	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/26 16:01:17.0812 3516	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/26 16:01:17.0984 3516	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/26 16:01:18.0078 3516	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/26 16:01:18.0171 3516	PCANDIS5        (d0084a9ade989fe703e4f22171f4e4dc) C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
2011/06/26 16:01:18.0234 3516	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/26 16:01:18.0328 3516	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/26 16:01:18.0515 3516	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/26 16:01:18.0765 3516	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/26 16:01:18.0828 3516	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/26 16:01:18.0875 3516	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/26 16:01:18.0937 3516	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/26 16:01:19.0171 3516	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/26 16:01:19.0343 3516	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/26 16:01:19.0406 3516	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/26 16:01:19.0468 3516	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/26 16:01:19.0531 3516	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/26 16:01:19.0609 3516	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/26 16:01:19.0687 3516	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/26 16:01:19.0906 3516	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/26 16:01:20.0031 3516	s217bus         (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
2011/06/26 16:01:20.0093 3516	s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
2011/06/26 16:01:20.0171 3516	s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
2011/06/26 16:01:20.0250 3516	s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
2011/06/26 16:01:20.0328 3516	s217nd5         (11cc5d7f992799e7e75d018e9c018563) C:\WINDOWS\system32\DRIVERS\s217nd5.sys
2011/06/26 16:01:20.0578 3516	s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
2011/06/26 16:01:20.0656 3516	s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
2011/06/26 16:01:20.0750 3516	s24trans        (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/26 16:01:20.0843 3516	s816bus         (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys
2011/06/26 16:01:20.0984 3516	s816mdfl        (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys
2011/06/26 16:01:21.0109 3516	s816mdm         (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys
2011/06/26 16:01:21.0203 3516	s816mgmt        (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys
2011/06/26 16:01:21.0281 3516	s816nd5         (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys
2011/06/26 16:01:21.0343 3516	s816obex        (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys
2011/06/26 16:01:21.0484 3516	s816unic        (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys
2011/06/26 16:01:21.0640 3516	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/26 16:01:21.0718 3516	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2011/06/26 16:01:21.0781 3516	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/26 16:01:21.0906 3516	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/26 16:01:22.0234 3516	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/26 16:01:22.0312 3516	SNC             (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/06/26 16:01:22.0468 3516	SPBBCDrv        (7314d3261fd973880e0fa31fa32f515b) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/26 16:01:22.0578 3516	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/26 16:01:22.0781 3516	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/26 16:01:22.0859 3516	Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/26 16:01:22.0937 3516	STEC3           (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys
2011/06/26 16:01:23.0031 3516	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/26 16:01:23.0156 3516	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/26 16:01:23.0296 3516	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/26 16:01:23.0500 3516	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/26 16:01:23.0593 3516	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/26 16:01:23.0687 3516	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/26 16:01:23.0812 3516	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/26 16:01:23.0859 3516	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/26 16:01:23.0953 3516	tifmsony        (2c946b5dfbe608ec036f88d98658ef75) C:\WINDOWS\system32\drivers\tifmsony.sys
2011/06/26 16:01:24.0062 3516	TNPacket        (52ab2f2b0d2fd7cc2fdb489c449feb8e) C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
2011/06/26 16:01:24.0171 3516	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/26 16:01:24.0312 3516	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/26 16:01:24.0468 3516	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/26 16:01:24.0578 3516	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/26 16:01:24.0640 3516	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/26 16:01:24.0734 3516	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/26 16:01:24.0796 3516	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/26 16:01:24.0906 3516	UsbItf          (0cdde991e84fa0e779aa9b7fabb7fdcb) C:\WINDOWS\system32\Drivers\UsbItf.sys
2011/06/26 16:01:24.0953 3516	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/26 16:01:25.0109 3516	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/26 16:01:25.0156 3516	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/26 16:01:25.0234 3516	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/26 16:01:25.0281 3516	V0220Dev        (d6791fdb0f4851fb2b589632e131865b) C:\WINDOWS\system32\DRIVERS\V0220Dev.sys
2011/06/26 16:01:25.0421 3516	V0220Vfx        (a0c643d5f8c60f12faa6e3454dfe9c32) C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys
2011/06/26 16:01:25.0562 3516	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/26 16:01:25.0671 3516	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/26 16:01:25.0875 3516	w29n51          (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/06/26 16:01:26.0187 3516	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/26 16:01:26.0296 3516	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/26 16:01:26.0406 3516	winachsf        (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/26 16:01:26.0656 3516	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/26 16:01:26.0796 3516	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/26 16:01:26.0875 3516	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/26 16:01:26.0953 3516	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/26 16:01:27.0046 3516	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/26 16:01:27.0187 3516	ZTEusbmdm6k     (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2011/06/26 16:01:27.0312 3516	ZTEusbnmea      (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2011/06/26 16:01:27.0359 3516	ZTEusbser6k     (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2011/06/26 16:01:27.0453 3516	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/26 16:01:27.0609 3516	================================================================================
2011/06/26 16:01:27.0609 3516	Scan finished
2011/06/26 16:01:27.0609 3516	================================================================================
2011/06/26 16:01:27.0625 0932	Detected object count: 0
2011/06/26 16:01:27.0625 0932	Actual detected object count: 0
         

Alt 26.06.2011, 15:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alt 26.06.2011, 15:59   #11
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
hier das ComboFix Log.

Code:
ATTFilter
ComboFix 11-06-25.05 - user1 26/06/2011  16:33:13.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.495 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\user1\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-010D-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EB-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\user1\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\STEC3.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-26 bis 2011-06-26  ))))))))))))))))))))))))))))))
.
.
2011-06-26 13:50 . 2011-06-26 13:50	--------	d-----w-	C:\_OTL
2011-06-25 19:53 . 2011-06-25 19:53	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-06-25 19:53 . 2011-06-25 19:53	476904	----a-w-	c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-25 19:05 . 2011-06-25 19:05	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 17:37 . 2011-06-25 17:37	--------	d-----w-	c:\dokumente und einstellungen\user1\Anwendungsdaten\Malwarebytes
2011-06-25 17:37 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 17:37 . 2011-06-25 17:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-06-25 17:37 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-25 17:36 . 2011-06-25 17:37	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-06-25 16:58 . 2011-06-25 16:58	--------	d-----w-	c:\windows\l2schemas
2011-06-25 16:58 . 2011-06-25 16:58	--------	d-----w-	c:\windows\system32\de
2011-06-25 16:58 . 2011-06-25 16:58	--------	d-----w-	c:\windows\system32\bits
2011-06-25 16:48 . 2011-06-25 16:48	--------	d-----w-	c:\windows\EHome
2011-06-23 10:44 . 2011-06-23 10:48	--------	d-----w-	c:\dokumente und einstellungen\Administrator.NAME-467835018E
2011-06-06 10:55 . 2011-06-06 10:55	183696	----a-w-	c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 10:55 . 2011-06-06 10:55	183696	----a-w-	c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2003-11-07 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"VAIO Update 2"="c:\programme\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"AVFX Engine"="c:\programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]
"OlStatusMon"="c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-01-03 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-09 198160]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-07-16 138584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\user1\Startmen\Programme\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-8-4 344064]
Yahoo! Widget Engine.lnk - c:\programme\Yahoo!\Widgets\YahooWidgetEngine.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42	73728	----a-w-	c:\windows\system32\VESWinlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="c:\programme\Spyware Doctor\sndoctor.exe.exe" /Q
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Dokumente und Einstellungen\\user1\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:E-MULE TCP
"4672:UDP"= 4672:UDP:*:Disabled:E-MULE UDP
.
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [12.11.2010 17:33 21504]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 olMntrService;olMntrService;c:\programme\Olivetti\ANY_WAY\olMntrService.exe [03.01.2006 11:36 69632]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [12.11.2010 17:33 252784]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.03.2010 21:32 27632]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [08.01.2010 16:48 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [08.01.2010 16:48 135664]
S3 HttpUsb;XML interface;c:\windows\system32\drivers\HttpUsb.sys [11.09.2006 19:00 31784]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12.11.2010 17:33 9216]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [31.07.2008 21:01 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [31.07.2008 21:01 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [31.07.2008 21:01 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [31.07.2008 21:01 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [31.07.2008 21:01 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [31.07.2008 21:01 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [31.07.2008 21:01 97704]
S3 sgbx_device;sgbx_device;c:\windows\system32\sgbxcoms.exe -service --> c:\windows\system32\sgbxcoms.exe -service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 17:44 9696]
S3 UsbItf;MF F@X activities;c:\windows\system32\drivers\UsbItf.sys [11.09.2006 19:00 10240]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [25.05.2007 08:30 145472]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [25.05.2007 08:30 6272]
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-08 14:48]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-08 14:48]
.
2011-06-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2005-11-21 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mlb.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Übertragen mit Image Converter 2 Plus - c:\programme\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 195.50.140.118 195.50.140.180
FF - ProfilePath - c:\dokumente und einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\programme\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\programme\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-HijackThis - c:\dokume~1\user1\LOKALE~1\Temp\Rar$EX00.188\HijackThis.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-26 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Sony\VAIO Event Service\VESMgr.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programme\Apoint\Apntex.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-26  16:50:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-26 14:49
.
Vor Suchlauf: 11 Verzeichnis(se), 26,050,912,256 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 28,338,458,624 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 509A96A7EA262979909B4649830E6E34
         

Alt 26.06.2011, 16:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 26.06.2011, 18:00   #13
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
GMER hat wirklich eine Menge Zeit gebraucht, aber geschafft!

Hier das GMER Log:

Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-26 18:44:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: ifi22yxu.exe; Driver: C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys


---- Kernel code sections - GMER 1.0.15 ----

?       Combo-Fix.sys                               Das System kann die angegebene Datei nicht finden. !
.text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xF6768360, 0x1DD36D, 0xE8000020]
?       C:\ComboFix\catchme.sys                     Das System kann den angegebenen Pfad nicht finden. !
?       C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Cdfs \Cdfs                      DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
         
Hier das OSAM Log:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:54:07 on 26.06.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Symantec NetDetect.job" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"GreenPacket NDIS Protocol Driver" (Ndisprot) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ndisprot.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\user1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MF F@X activities" (UsbItf) - "OEM" - C:\WINDOWS\System32\Drivers\UsbItf.sys
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"pwpcrkoc" (pwpcrkoc) - ? - C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"T-Systems Nova Packet Capture Driver" (TNPacket) - "T-Systems Nova GmbH" - C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"XML interface" (HttpUsb) - "OEM" - C:\WINDOWS\System32\Drivers\HttpUsb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -   (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\Yinsthelper.dll / C:\Programme\Yahoo!\Common\Yinsthelper.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\desktop.ini
"Picture Motion Browser Media Check Tool.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe  (Shortcut exists | File exists)
"Yahoo! Widget Engine.lnk" - ? - C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Yahoo! Widget Engine.lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Creative Live! Cam Manager" - "Creative Technology Ltd." - "C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"AVFX Engine" - "Creative Technology Ltd." - C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
"avgnt" - "Avira GmbH" - "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"OlStatusMon" - "Olivetti" - "C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"UIExec" - ? - "C:\Programme\Mobile Partner Manager\UIExec.exe"  (File found, but it contains no detailed information)
"VAIO Update 2" - ? - "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Crystal Port" - "Sagem" - C:\WINDOWS\system32\sgbxlmpm.dll
"Printer Port" - "Sagem" - C:\WINDOWS\system32\sgbxlmpm.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"olMntrService" (olMntrService) - "Olivetti" - C:\Programme\Olivetti\ANY_WAY\olMntrService.exe
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"sgbx_device" (sgbx_device) - "Sagem" - C:\WINDOWS\system32\sgbxcoms.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"TSMService" (TSMService) - "T-Systems Nova, Berkom" - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\Mobile Partner Manager\AssistantServices.exe  (File found, but it contains no detailed information)
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Und das MBRCheck Log:
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 143):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF7A0C000 \WINDOWS\system32\KDCOM.DLL
  0xF791C000 \WINDOWS\system32\BOOTVID.dll
  0xF73DC000 ACPI.sys
  0xF7A0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF73CB000 pci.sys
  0xF750C000 isapnp.sys
  0xF751C000 ohci1394.sys
  0xF752C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7920000 compbatt.sys
  0xF7924000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7AD4000 pciide.sys
  0xF778C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7A10000 intelide.sys
  0xF73AD000 pcmcia.sys
  0xF753C000 MountMgr.sys
  0xF738E000 ftdisk.sys
  0xF7928000 ACPIEC.sys
  0xF7AD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF7794000 PartMgr.sys
  0xF754C000 VolSnap.sys
  0xF7376000 atapi.sys
  0xF755C000 disk.sys
  0xF756C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7356000 fltmgr.sys
  0xF7344000 sr.sys
  0xF757C000 PxHelp20.sys
  0xF732E000 DRVMCDB.SYS
  0xF7317000 KSecDD.sys
  0xF7304000 WudfPf.sys
  0xF7277000 Ntfs.sys
  0xF724A000 NDIS.sys
  0xF758C000 Combo-Fix.sys
  0xF7230000 Mup.sys
  0xF75AC000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF777C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF79D0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF6768000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6754000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF672C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF7854000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF6708000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF785C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF66EB000 \SystemRoot\system32\drivers\tifmsony.sys
  0xF63C9000 \SystemRoot\system32\DRIVERS\w29n51.sys
  0xF63A3000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xF7864000 \SystemRoot\System32\Drivers\SonyNC.sys
  0xF75BC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF786C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF638C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0xF7874000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF6B04000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF787C000 \SystemRoot\system32\drivers\Afc.sys
  0xF7A28000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0xF6AF4000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF6AE4000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6369000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7884000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0xF7BB5000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF6AD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF79DC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6352000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF6AC4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF6AB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF788C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6319000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF6AA4000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7894000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF789C000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF6A94000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF78A4000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0xF7A2A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF62BB000 \SystemRoot\system32\DRIVERS\update.sys
  0xF79EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF6A84000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF3EB7000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF3E93000 \SystemRoot\system32\drivers\portcls.sys
  0xF6A74000 \SystemRoot\system32\drivers\drmk.sys
  0xF3E67000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xF3D6A000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xF3CBB000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF78AC000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF75CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7A2E000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7A32000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7ADE000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7A34000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF78CC000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
  0xF78D4000 \SystemRoot\System32\drivers\vga.sys
  0xF7A36000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7A38000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF78DC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF78E4000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF71DF000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3C88000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF3C2F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF3C07000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF71D7000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF78EC000 \SystemRoot\system32\DRIVERS\ndisprot.sys
  0xF3BE5000 \SystemRoot\System32\drivers\afd.sys
  0xF75FC000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF3B97000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF760C000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF3B6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF3AFC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF761C000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF762C000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF7B33000 \SystemRoot\system32\DRIVERS\DMICall.sys
  0xF7A3C000 \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
  0xF766C000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF3AE4000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7A42000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF6336000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF7904000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7BE9000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xF774C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0xF7BB7000 \SystemRoot\System32\DLA\DLADResN.SYS
  0xBA772000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0xF79A8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0xF7A60000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xF77B4000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xBA75A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xBA744000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xBA73C000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xBA738000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xBA670000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xBA3F7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xBA434000 \SystemRoot\System32\Drivers\Aspi32.SYS
  0xBA46C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xBA1C0000 \SystemRoot\system32\DRIVERS\srv.sys
  0xBA0BC000 \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
  0xB9F67000 \SystemRoot\system32\drivers\wdmaud.sys
  0xBA5C4000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB9AF0000 \SystemRoot\System32\Drivers\HTTP.sys
  0xF77EC000 \??\C:\ComboFix\catchme.sys
  0xF7A68000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xB8693000 \??\C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
       0 System Idle Process
       4 System
     804 C:\WINDOWS\system32\smss.exe
     880 csrss.exe
     904 C:\WINDOWS\system32\winlogon.exe
     948 C:\WINDOWS\system32\services.exe
     960 C:\WINDOWS\system32\lsass.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1216 svchost.exe
    1356 C:\WINDOWS\system32\svchost.exe
    1392 C:\WINDOWS\system32\svchost.exe
    1520 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1560 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1608 svchost.exe
    1732 svchost.exe
     152 C:\WINDOWS\system32\spoolsv.exe
     636 svchost.exe
     668 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     692 C:\Programme\AntiVir PersonalEdition Classic\sched.exe
     708 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
     744 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     772 C:\Programme\Bonjour\mDNSResponder.exe
     924 C:\Programme\Java\jre6\bin\jqs.exe
    1312 C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    1800 C:\WINDOWS\system32\nvsvc32.exe
    1816 C:\Programme\Olivetti\ANY_WAY\olMntrService.exe
    1868 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
     208 C:\WINDOWS\system32\svchost.exe
     320 C:\Programme\Mobile Partner Manager\AssistantServices.exe
     412 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
     580 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    1444 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    1808 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    2692 alg.exe
    3256 C:\WINDOWS\system32\svchost.exe
    3544 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    1272 C:\Programme\Apoint\Apoint.exe
    1152 C:\Programme\Apoint\ApntEx.exe
    4036 C:\WINDOWS\RTHDCPL.EXE
    4060 C:\WINDOWS\system32\ico.exe
     996 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
    2112 C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
    2408 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    2668 C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
     760 C:\WINDOWS\V0220Mon.exe
     752 C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe
    2968 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3016 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    3144 C:\Programme\Mobile Partner Manager\UIExec.exe
    3348 C:\Programme\iTunes\iTunesHelper.exe
    3448 C:\Programme\DivX\DivX Update\DivXUpdate.exe
    3504 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    3396 C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
     340 C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    3432 C:\Programme\iPod\bin\iPodService.exe
    3580 C:\WINDOWS\explorer.exe
    3632 C:\WINDOWS\system32\wscntfy.exe
    1476 C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe
    2316 C:\WINDOWS\system32\igfxsrvc.exe
    3488 C:\Programme\Mozilla Firefox\firefox.exe
    1208 C:\Dokumente und Einstellungen\user1\Desktop\osam_autorun_manager_5_0_portable\osam.exe
    3944 C:\Dokumente und Einstellungen\user1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`63719c00  (NTFS)

PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
         

Alt 27.06.2011, 09:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 27.06.2011, 19:00   #15
zio
 
BKA-Trojaner: Log Prüfung - Standard

BKA-Trojaner: Log Prüfung



Hi Arne,
vielen Dank für die Antwort, ich werde die Logs posten, sobald ich von der Arbeit zurückkomme.

Inzwischen eine Frage: Falls das System nach den letzten Logs als clean bezeichnet werden könnte, wäre dann in Ordnung beispielsweise Online-Banking, Emails usw. erneut zu benutzen? Natürlich nach Änderung der PIN bzw. der Passwörter...

Oder wäre besser das System komplett neu aufzusetzen?

Danke, bis später

Antwort

Themen zu BKA-Trojaner: Log Prüfung
adobe, adware.mywebsearch, anti-malware, antivirus, code, dateien, einstellungen, explorer, kaspersky, link, löschen, malware.trace, malwarebytes, mein log, microsoft, rechner, rogue.link, rogue.winantivirus, safer networking, security, service, software, tools, trojan.zlob, trojaner-board, version



Ähnliche Themen: BKA-Trojaner: Log Prüfung


  1. Datenfehler : CRC Prüfung
    Alles rund um Windows - 27.09.2013 (3)
  2. Trojaner, Malware Löschungs Prüfung nach delta search über DDS+
    Log-Analyse und Auswertung - 01.04.2013 (7)
  3. Verdacht auf Trojaner, Firewall lässt sich nicht anstellen, Prüfung des OLT-Log
    Plagegeister aller Art und deren Bekämpfung - 03.02.2013 (13)
  4. Prüfung OTL-Log nach BKA-Trojaner Befall
    Log-Analyse und Auswertung - 30.12.2012 (5)
  5. GVU Trojaner, Prüfung MBR (inkl. Log-Files)
    Log-Analyse und Auswertung - 21.08.2012 (2)
  6. Prüfung des PC 26.06.12
    Log-Analyse und Auswertung - 09.07.2012 (12)
  7. Trojaner "Bundespolizei" - Log-Dateien zur Prüfung
    Log-Analyse und Auswertung - 13.09.2011 (19)
  8. Bundespolizei/ukash Trojaner entfernt? Bitte um Logfile-Prüfung
    Log-Analyse und Auswertung - 04.09.2011 (26)
  9. BKA-Trojaner: Log Prüfung
    Log-Analyse und Auswertung - 04.05.2011 (18)
  10. Gozi Trojaner - mbam & OTL log zur Prüfung
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (22)
  11. Trojaner bereits entfernt? Bitte um Prüfung!
    Log-Analyse und Auswertung - 13.08.2009 (1)
  12. Trojaner Bitte um Prüfung des Log-Files
    Log-Analyse und Auswertung - 15.08.2007 (4)
  13. Log-File prüfung
    Mülltonne - 02.01.2007 (0)
  14. bitte um prüfung
    Log-Analyse und Auswertung - 24.10.2006 (3)
  15. Highjackthis Log Prüfung?
    Log-Analyse und Auswertung - 05.10.2004 (3)
  16. Bitte um Log-Prüfung
    Log-Analyse und Auswertung - 16.09.2004 (8)
  17. Prüfung bestanden ;-)
    Alles rund um Windows - 16.05.2003 (1)

Zum Thema BKA-Trojaner: Log Prüfung - Hallo trojaner-board Community! Eine Freundin von mir hat sich auch den BKA-Trojaner eingeholt und ich helfe ihr, ihren Rechner wieder sauber zu kriegen. Ich habe die Rescue Disk 10 von - BKA-Trojaner: Log Prüfung...
Archiv
Du betrachtest: BKA-Trojaner: Log Prüfung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.