| |
| |||||||
Log-Analyse und Auswertung: BKA-Trojaner: Log PrüfungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
25.06.2011, 21:39
| #1 |
 |  BKA-Trojaner: Log Prüfung Hallo trojaner-board Community! Eine Freundin von mir hat sich auch den BKA-Trojaner eingeholt und ich helfe ihr, ihren Rechner wieder sauber zu kriegen. Ich habe die Rescue Disk 10 von Kaspersky benutzt, somit konnte ich sämtliche Dateien löschen und mindestens wieder den Rechner benutzen. Ich habe mir den Post unter diesem Link angeschaut: http://www.trojaner-board.de/97820-b...-pruefung.html Ich habe schon Java 6 update 26 heruntergeladen, sowie die letzte Version von Adobe Reader, die X. Hier mein Log mit MBAM (mbam-log-2011-06-25 (20-53-27)): Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6948
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25/06/2011 20:53:27
mbam-log-2011-06-25 (20-53-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 348858
Laufzeit: 1 Stunde(n), 12 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\user1\anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\user2\favoriten\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
 Ich poste schon mal die mit ccleaner erstellte Liste meiner Programme: Code:
ATTFilter Adobe Acrobat 7.0 Elements - Deutsch Adobe Systems 7.0.0
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.22.87
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.3.181.26
Adobe Flash Player 9 ActiveX Adobe Systems 9
Adobe Photoshop Elements 4.0 Adobe Systems, Inc. 4.0
Adobe Reader 9.4.5 - Deutsch Adobe Systems Incorporated 9.4.5
Advanced Video FX Engine
AliceHilfe 1.0.0.1
ANY_WAY photo Olivetti S.p.A. 1.00.0205
Apple Application Support Apple Inc. 1.4.1
Apple Mobile Device Support Apple Inc. 3.3.1.3
Apple Software Update Apple Inc. 2.1.1.116
ArcSoft Panorama Maker 3.0
ArcSoft PhotoImpression 5 ArcSoft
Avira AntiVir Personal - Free Antivirus Avira GmbH
Bonjour Apple Inc. 2.0.4.0
CCleaner Piriform 3.07
Companion Suite IH 1.1.2
CompEat Pro
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Video IM Driver (1.00.07.00)
Creative Photo Manager
Creative System Information
DivX Setup DivX, LLC 2.3.1.2
DVgate Plus
FotoStation Easy
Google Earth Google 5.2.1.1588
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221 Microsoft Corporation 20040219.000000
HijackThis 1.99.1 Soeperman Enterprises Ltd. 1.99.1
Image Converter 2 Plus Sony Corporation 2.2.01
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software Intel Corporation
InterVideo WinDVD for VAIO InterVideo Inc. 5.0-B11.739
iPhone Configuration Utility Apple Inc. 2.1.0.163
iTunes Apple Inc. 10.1.2.17
Java(TM) 6 Update 26 Oracle 6.0.260
LAN-Express AS IEEE 802.11 Wireless LAN
LiveUpdate 2.6 (Symantec Corporation) Symantec Corporation 2.6.14.0
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 1.51.0.1200
Memory Stick Formatter
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 German Language Pack Microsoft Corporation
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 10.0.4330.0
Microsoft SQL Server Desktop Engine (VAIO_VEDB) Microsoft Corporation 8.00.761
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336
Microsoft Works Microsoft Corporation 08.04.0702
Mobile Partner Manager ZTE Corporation 1.0.0.1
MobileMe Control Panel Apple Inc. 3.0.0.101
Mozilla Firefox (3.6) Mozilla 3.6 (de)
MSXML
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 4.20.9841.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 6.20.2003.0
Nikon View 5
NVIDIA Drivers
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00 Sony Corporation 4.3.00.08302
QuickTime Apple Inc. 7.69.80.9
RealPlayer RealNetworks
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 1.92
Roxio DigitalMedia Audio Roxio 2.0.4
Roxio DigitalMedia Copy Roxio 2.0.4
Roxio DigitalMedia Data Roxio 2.0.4
Setting Utility Series
SightSpeed (remove only) SightSpeed Inc. 6.0 (6071)
Skype Toolbars Skype Technologies S.A. 1.0.4051
Skype™ 5.0 Skype Technologies S.A. 5.0.152
Sonic UDF Reader Sonic Solutions 5.2.1
SonicStage Mastering Studio 2.1
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson Media Manager 1.2 Sony Ericsson 1.2.610
Sony MP4 Shared Library Sony Corporation 2.0
SONY Photosizetool Colorplaza SA 1.0.2.1
Sony Picture Utility Sony Corporation 2.0.03.13170
Sony USB Driver Sony Corporation 2.00
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library Sony Corporation 2.0.01
Spybot - Search & Destroy 1.4 Safer Networking Limited 1.4
T-DSL SpeedManager
VAIO Control Center
VAIO Edit Components 6.0 Sony Corporation 6.0
VAIO Entertainment Platform Sony Corporation 1.3.20.10060
VAIO Event Service Sony Corporation 2.2.00.06130
VAIO Long Battery Life Wallpaper
VAIO Media 5.0 Sony Corporation 5.0.00
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0 Sony Corporation
VAIO Media Redistribution 5.0 Sony Corporation 5.0.00
VAIO Media Registration Tool 5.0 Sony Corporation 5.0.00
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management Sony Corporation 1.7.01.10190
VAIO Product Survey Sony Corporation 1.1.2.1
VAIO Sea Wallpaper
VAIO Starfish Wallpaper
VAIO Update 2
VAIO-Online-Registrierung (Deutsch) Sony Corporation 4.6.0.0
VideoLAN VLC media player 0.8.5 VideoLAN Team 0.8.5
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin Microsoft Corp 1.0.0.8
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514
WinRAR Archivierer
Wireless LAN Starter
|
|
26.06.2011, 13:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BKA-Trojaner: Log Prüfung CustomScan mit OTL
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
26.06.2011, 13:44
| #3 |
| | BKA-Trojaner: Log Prüfung Hi Arne,
__________________vielen Dank für die Antwort.  Muss ich bei OTL auch die Optionen "Scan all users", "LOP check" und "Purity check" aktivieren? |
|
26.06.2011, 14:16
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Ja ruhig aktivieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 14:24
| #5 |
| | BKA-Trojaner: Log Prüfung Hi Arne, hier ist mein OTL Log. Vielen Dank Code:
ATTFilter OTL logfile created on: 26/06/2011 14:46:52 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Dokumente und Einstellungen\user1\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy 1022.42 Mb Total Physical Memory | 618.57 Mb Available Physical Memory | 60.50% Memory free 2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.02% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46.57 Gb Total Space | 24.62 Gb Free Space | 52.87% Space Free | Partition Type: NTFS Drive D: | 39.60 Gb Total Space | 12.84 Gb Free Space | 32.43% Space Free | Partition Type: NTFS Computer Name: NAME-467835018E | User Name: user1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/07/16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe PRC - [2010/07/16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe PRC - [2009/09/09 12:21:11 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2008/11/24 21:39:37 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe PRC - [2008/11/24 21:39:35 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008/07/19 14:49:12 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008/04/14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2006/06/09 01:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe PRC - [2006/05/16 03:00:00 | 000,028,672 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0220Mon.exe PRC - [2006/01/03 15:23:56 | 000,094,208 | ---- | M] (Olivetti) -- C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe PRC - [2006/01/03 11:36:32 | 000,069,632 | ---- | M] (Olivetti) -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe PRC - [2005/10/19 23:07:34 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2005/10/11 22:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe PRC - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2003/11/07 10:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2003/02/26 04:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2002/03/14 17:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe ========== Modules (SafeList) ========== MOD - [2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe MOD - [2008/04/14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/07/16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2008/11/24 21:39:37 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008/11/24 21:39:35 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2006/01/03 11:36:32 | 000,069,632 | ---- | M] (Olivetti) [Auto | Running] -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe -- (olMntrService) SRV - [2005/10/11 15:04:44 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2005/10/11 13:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2005/10/11 13:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2005/10/11 13:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2005/10/06 15:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0) SRV - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2005/08/30 16:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2005/08/30 15:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2005/08/30 15:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2005/07/14 20:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment) SRV - [2005/07/08 02:12:54 | 000,466,944 | ---- | M] (Sagem) [On_Demand | Stopped] -- C:\WINDOWS\System32\sgbxcoms.exe -- (sgbx_device) SRV - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/02/25 21:45:00 | 000,992,864 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2005/01/04 12:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI) SRV - [2004/07/14 16:00:44 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe -- (TSMService) ========== Driver Services (SafeList) ========== DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010/01/18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010/01/18 12:21:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009/12/17 12:31:42 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot) DRV - [2009/06/13 19:48:23 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009/06/13 19:48:22 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007/11/02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007/11/02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007/11/02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex) DRV - [2007/11/02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007/11/02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007/11/02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007/11/02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007/06/19 09:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007/06/19 09:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007/06/19 09:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007/06/19 09:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - [2007/06/19 09:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007/06/19 09:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007/06/19 09:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2006/08/20 10:09:54 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3) DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006/05/24 10:55:30 | 000,145,472 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev) DRV - [2006/03/24 10:24:32 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx) DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005/08/11 21:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony) DRV - [2005/07/08 02:52:14 | 000,010,240 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbItf.sys -- (UsbItf) DRV - [2005/07/08 02:33:08 | 000,031,784 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HttpUsb.sys -- (HttpUsb) DRV - [2005/06/29 07:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/05/23 03:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/05/23 03:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/05/23 03:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/05/03 08:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005/04/30 17:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2005/02/25 21:45:00 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005/02/11 00:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS) DRV - [2004/03/11 17:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket) DRV - [2003/09/29 06:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2000/12/05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall) DRV - [2000/11/09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC) DRV - [2000/10/15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5) DRV - [1999/09/10 13:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mlb.com/ IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 21:44:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 21:44:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/03/16 20:37:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/25 22:06:31 | 000,000,000 | ---D | M] [2008/07/28 14:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Extensions [2011/06/25 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions [2009/09/02 09:42:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/06/01 15:28:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\moveplayer@movenetworks.com [2008/10/25 09:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\extensions\toolbar_extras@de.yahoo.com [2011/06/25 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010/08/15 09:41:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/06/25 21:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2008/11/09 17:30:58 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2011/03/16 21:44:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011/03/16 21:44:45 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011/06/25 21:53:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/25 21:53:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll [2010/03/16 10:53:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/03/16 10:53:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/03/16 10:53:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/03/16 10:53:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/03/16 10:53:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/02 16:33:11 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OlStatusMon] C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007..\Run: [Creative Live! Cam Manager] C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Yahoo! Widget Engine.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class) O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 195.50.140.180 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/21 12:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\Shell\AutoRun\command - "" = G:\setupSNK.exe O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell - "" = AutoRun O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000 begin_of_the_skype_highlighting**************056-444553540000******end_of_the_skype_highlighting} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Programme\Gemeinsame Dateien\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) ========== Files/Folders - Created Within 30 Days ========== [2011/06/26 14:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011/06/25 22:04:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/06/25 21:53:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2011/06/25 21:45:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Desktop\Repair logs [2011/06/25 21:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2011/06/25 21:09:39 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe [2011/06/25 19:37:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Malwarebytes [2011/06/25 19:37:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011/06/25 19:37:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/06/25 19:37:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011/06/25 19:37:00 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/06/25 19:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011/06/25 19:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2011/06/25 18:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2011/06/25 18:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2011/06/25 18:48:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2011/06/25 18:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/26 13:57:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/06/26 13:57:19 | 000,022,745 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011/06/26 13:56:42 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/06/26 13:56:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/06/26 13:56:27 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys [2011/06/26 00:22:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2011/06/25 23:56:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/06/25 22:12:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe [2011/06/25 22:06:31 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2011/06/25 21:42:21 | 000,475,180 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011/06/25 21:42:21 | 000,328,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/06/25 21:42:21 | 000,091,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011/06/25 21:42:21 | 000,076,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/06/25 21:35:11 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011/06/25 21:09:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe [2011/06/25 19:26:11 | 000,316,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/06/25 18:53:12 | 000,251,712 | RHS- | M] () -- C:\ntldr [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/25 22:12:52 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe [2011/06/25 22:06:31 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2011/06/25 22:06:31 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2011/06/25 21:35:11 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011/06/25 21:29:35 | 000,030,259 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Desktop\hjtscanlist.bat [2011/06/25 19:26:45 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Outlook Express.lnk [2011/06/25 10:39:18 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys [2011/02/09 22:50:41 | 000,036,352 | ---- | C] () -- C:\WINDOWS\Sx32w.dll [2010/08/15 09:43:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/09/07 23:29:49 | 000,056,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/03/06 23:13:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/08/04 21:36:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2008/05/16 17:14:16 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2006/09/11 18:58:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\sgbxvs.dll [2006/09/11 18:58:39 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\sgbxplc.ini [2006/09/11 18:58:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sgbxjswr.dll [2006/09/11 18:58:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sgbxinsr.dll [2006/09/11 18:58:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sgbxcfg.dll [2006/09/11 18:58:37 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\sgbxutil.dll [2006/09/11 18:58:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sgbxcur.dll [2006/09/11 18:58:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\sgbxinsb.dll [2006/09/11 18:58:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\sgbxins.dll [2006/09/11 18:58:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\sgbxcub.dll [2006/09/11 18:58:34 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sgbxcu.dll [2006/09/06 21:18:24 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2006/09/02 16:40:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006/08/20 10:13:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI [2006/08/06 21:31:51 | 000,000,223 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/08/03 10:46:08 | 000,001,778 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006/08/01 15:08:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini [2006/04/22 00:49:10 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/03/20 22:51:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll [2006/03/01 18:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006/03/01 18:24:20 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2006/03/01 18:24:09 | 000,003,880 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006/02/24 16:21:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006/02/24 15:40:52 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\wklnhst.dat [2006/02/24 15:31:09 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005/12/23 04:47:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/23 04:37:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2005/12/23 04:34:52 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/11/22 10:49:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/21 17:53:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/11/21 17:53:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/11/21 17:53:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/11/21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/11/21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/11/21 17:53:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005/11/21 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2005/11/21 16:10:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL [2005/11/21 14:40:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2005/11/21 13:11:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/11/21 12:48:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005/11/21 12:44:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005/11/21 12:39:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/11/21 12:38:43 | 000,316,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005/11/21 04:33:30 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/11/21 04:33:15 | 000,475,180 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2005/11/21 04:33:15 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2005/11/21 04:33:15 | 000,091,464 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2005/11/21 04:33:15 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2005/11/21 04:32:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005/11/21 04:32:55 | 000,328,326 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005/11/21 04:32:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005/11/21 04:32:55 | 000,076,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005/11/21 04:32:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005/11/21 04:32:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005/11/21 04:32:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005/11/21 04:32:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/11/21 04:32:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005/11/21 04:32:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005/11/21 04:32:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005/11/21 04:32:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005/11/01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini ========== LOP Check ========== [2006/08/21 12:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2011/06/25 19:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic [2006/03/13 21:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2008/07/31 21:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2006/07/13 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2006/07/16 14:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2010/04/08 10:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/10 11:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/08 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2006/09/03 10:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\T-DSL SpeedManager [2006/08/01 15:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\Nikon [2006/07/31 13:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\T-DSL SpeedManager [2006/02/27 18:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user2\Anwendungsdaten\Template [2006/05/10 21:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony [2011/03/06 23:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AliceHilfe [2009/12/03 21:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\CoSoSys [2011/03/16 21:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DDMSettings [2006/04/30 20:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\InterVideo [2006/02/24 16:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Leadertech [2006/02/26 23:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller [2006/08/02 08:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Nikon [2006/02/26 21:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Opera [2008/07/30 16:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\ScanSoft [2008/08/01 12:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony [2006/07/13 21:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\T-DSL SpeedManager [2010/11/30 12:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\TeamViewer [2006/02/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Template [2006/02/24 21:41:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\WEBDE ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2007/01/21 13:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Microsoft < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009/08/24 21:43:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Adobe [2006/02/24 18:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AdobeUM [2011/03/06 23:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\AliceHilfe [2009/09/23 14:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Apple Computer [2007/03/16 23:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Arcsoft [2009/12/03 21:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\CoSoSys [2006/12/11 11:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Creative [2011/03/16 21:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DDMSettings [2011/03/16 21:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\DivX [2006/04/22 21:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Google [2006/03/11 20:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Help [2005/11/21 12:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Identities [2006/04/30 20:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\InterVideo [2009/09/07 23:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Lavasoft [2006/02/24 16:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Leadertech [2006/02/24 18:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia [2011/06/25 19:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Malwarebytes [2010/01/09 12:12:29 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft [2009/06/01 15:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Move Networks [2008/07/28 14:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla [2006/02/26 23:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller [2007/01/04 14:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MySpace [2006/08/02 08:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Nikon [2006/02/26 21:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Opera [2006/02/26 18:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\PC Tools [2009/09/09 12:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real [2007/02/08 17:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Reallusion [2008/07/30 16:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\ScanSoft [2011/03/13 22:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Skype [2011/03/13 20:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\skypePM [2006/02/24 16:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sonic [2008/08/01 12:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony [2008/08/04 21:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sony Corporation [2006/03/05 22:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Sun [2006/02/24 16:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Symantec [2006/07/13 21:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\T-DSL SpeedManager [2010/11/30 12:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\TeamViewer [2006/02/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Template [2009/07/28 17:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\U3 [2006/08/03 23:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\vlc [2006/02/24 21:41:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\WEBDE < %APPDATA%\*.exe /s > [2009/04/09 21:21:38 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009/06/30 20:13:25 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008/05/25 13:07:27 | 000,065,024 | R--- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Installer\{05920D61-7B23-47ED-A3F5-6B1936A95AE0}\Icon05920D61.exe [2006/02/26 23:19:49 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MSNInstaller\msnauins.exe [2007/01/21 13:05:52 | 003,112,792 | ---- | M] (MySpace Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\MySpace\IM\Install\MSIMClientSetup.1.0.595.0-static.exe [2010/07/03 06:32:00 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.10\setup.exe [2011/01/11 00:12:11 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.13\setup.exe [2011/02/28 16:29:33 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Real\Update\setup3.14\setup.exe [2005/02/13 18:22:00 | 001,178,540 | ---- | M] (Sony ITE ) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\npm.exe [2005/10/10 22:12:00 | 003,933,908 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_de.exe [2005/10/10 22:12:00 | 003,943,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_en.exe [2005/10/10 22:12:00 | 003,939,540 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_es.exe [2005/10/10 22:12:00 | 003,942,068 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_fr.exe [2005/10/10 22:12:00 | 003,938,964 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_it.exe [2005/10/10 22:08:00 | 003,942,708 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_nl.exe [2005/10/10 22:06:00 | 003,357,076 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_de.exe [2005/10/10 22:07:00 | 003,362,060 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_en.exe [2005/10/10 22:07:00 | 003,355,524 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_es.exe [2005/10/10 22:07:00 | 003,356,780 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_fr.exe [2005/10/10 22:07:00 | 003,356,484 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_it.exe [2005/10/10 22:06:00 | 003,357,324 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_nl.exe [2004/12/01 11:00:00 | 000,405,504 | ---- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\tools\PcName.exe [2005/10/13 13:16:26 | 001,922,580 | ---- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\sony\myclubvaio\update\update.exe < %SYSTEMDRIVE%\*.exe > [2005/03/22 14:55:24 | 000,200,767 | ---- | M] () -- C:\ul_format.exe [2005/03/14 23:52:48 | 000,049,152 | ---- | M] () -- C:\ul_install.exe [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004/08/04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004/08/04 14:00:00 | 018,782,319 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004/08/04 14:00:00 | 018,782,319 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2011/06/25 18:48:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\eventlog.dll [2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netlogon.dll [2008/04/14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009/02/06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll [2008/04/14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004/08/04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005/03/02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007/03/08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005/03/02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004/08/04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007/03/08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\user32.dll [2008/04/14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe [2008/04/14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004/08/04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe [2004/08/14 01:07:41 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=4C5B48AB9179DE15A7B6A48DC8E56121 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe [2008/04/14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004/08/04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005/11/21 13:38:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005/11/21 13:38:19 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005/11/21 13:38:19 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
26.06.2011, 14:44
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-4220333403-1498337883-3530830200-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 12:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell - "" = AutoRun
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> BKA-Trojaner: Log Prüfung |
|
26.06.2011, 14:53
| #7 |
| | BKA-Trojaner: Log Prüfung Hi Arne, schön, dass Ihr da seid! Hier ist das OTL Fix Log: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-4220333403-1498337883-3530830200-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171d76ac-b81e-11da-a1a4-00166f36ca77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171d76ac-b81e-11da-a1a4-00166f36ca77}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25aa4475-7b8a-11de-abfa-00166f36ca77}\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.1 log created on 06262011_155055
|
|
26.06.2011, 14:55
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 15:03
| #9 |
| | BKA-Trojaner: Log Prüfung Hi Arne, hier das TDSSKiller Log. Code:
ATTFilter 2011/06/26 16:00:44.0500 2420 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 16:00:44.0781 2420 ================================================================================
2011/06/26 16:00:44.0781 2420 SystemInfo:
2011/06/26 16:00:44.0781 2420
2011/06/26 16:00:44.0781 2420 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/26 16:00:44.0781 2420 Product type: Workstation
2011/06/26 16:00:44.0781 2420 ComputerName: NAME-467835018E
2011/06/26 16:00:44.0781 2420 UserName: user1
2011/06/26 16:00:44.0781 2420 Windows directory: C:\WINDOWS
2011/06/26 16:00:44.0781 2420 System windows directory: C:\WINDOWS
2011/06/26 16:00:44.0781 2420 Processor architecture: Intel x86
2011/06/26 16:00:44.0781 2420 Number of processors: 1
2011/06/26 16:00:44.0781 2420 Page size: 0x1000
2011/06/26 16:00:44.0781 2420 Boot type: Normal boot
2011/06/26 16:00:44.0781 2420 ================================================================================
2011/06/26 16:00:46.0531 2420 Initialize success
2011/06/26 16:01:02.0125 3516 ================================================================================
2011/06/26 16:01:02.0125 3516 Scan started
2011/06/26 16:01:02.0125 3516 Mode: Manual;
2011/06/26 16:01:02.0125 3516 ================================================================================
2011/06/26 16:01:05.0250 3516 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/26 16:01:05.0312 3516 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/26 16:01:05.0406 3516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/26 16:01:05.0500 3516 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/26 16:01:05.0562 3516 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/06/26 16:01:05.0781 3516 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/26 16:01:05.0984 3516 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/06/26 16:01:06.0093 3516 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/26 16:01:06.0234 3516 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/06/26 16:01:06.0312 3516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/26 16:01:06.0500 3516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/26 16:01:06.0562 3516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/26 16:01:06.0625 3516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/26 16:01:06.0718 3516 avgio (87828ecd657f81503465ac705e845076) C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
2011/06/26 16:01:06.0765 3516 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
2011/06/26 16:01:06.0859 3516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/26 16:01:07.0093 3516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/26 16:01:07.0140 3516 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/26 16:01:07.0234 3516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/26 16:01:07.0312 3516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/26 16:01:07.0375 3516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/26 16:01:07.0609 3516 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/26 16:01:07.0687 3516 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/26 16:01:07.0843 3516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/26 16:01:07.0906 3516 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/26 16:01:07.0968 3516 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/26 16:01:08.0156 3516 DLADResN (3a05973a21dd001dd1f87186e2ade343) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/06/26 16:01:08.0218 3516 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/26 16:01:08.0281 3516 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/26 16:01:08.0328 3516 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/26 16:01:08.0406 3516 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/06/26 16:01:08.0484 3516 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/26 16:01:08.0531 3516 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/26 16:01:08.0625 3516 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/26 16:01:08.0843 3516 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/06/26 16:01:08.0921 3516 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/26 16:01:09.0000 3516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/26 16:01:09.0078 3516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/26 16:01:09.0187 3516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/26 16:01:09.0375 3516 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/26 16:01:09.0421 3516 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/26 16:01:09.0500 3516 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/26 16:01:09.0593 3516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/26 16:01:09.0671 3516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/26 16:01:09.0875 3516 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/26 16:01:09.0906 3516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/26 16:01:09.0968 3516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/26 16:01:10.0062 3516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/26 16:01:10.0125 3516 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/26 16:01:10.0203 3516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/26 16:01:10.0421 3516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/26 16:01:10.0515 3516 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/26 16:01:10.0593 3516 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/26 16:01:10.0718 3516 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/26 16:01:10.0921 3516 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/26 16:01:11.0062 3516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/26 16:01:11.0171 3516 HttpUsb (69f407c9f2cfde930a9cafcfc8aac5a3) C:\WINDOWS\system32\Drivers\HttpUsb.sys
2011/06/26 16:01:11.0406 3516 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/26 16:01:11.0515 3516 ialm (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/26 16:01:11.0625 3516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/26 16:01:11.0984 3516 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/26 16:01:12.0281 3516 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/26 16:01:12.0359 3516 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/26 16:01:12.0437 3516 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/26 16:01:12.0515 3516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/26 16:01:12.0578 3516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/26 16:01:12.0781 3516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/26 16:01:12.0875 3516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/26 16:01:12.0953 3516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/26 16:01:13.0015 3516 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/26 16:01:13.0093 3516 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/26 16:01:13.0281 3516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/26 16:01:13.0359 3516 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/26 16:01:13.0484 3516 LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
2011/06/26 16:01:13.0593 3516 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
2011/06/26 16:01:13.0671 3516 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/26 16:01:13.0859 3516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/26 16:01:13.0953 3516 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/26 16:01:14.0046 3516 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/26 16:01:14.0171 3516 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/26 16:01:14.0609 3516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/26 16:01:14.0718 3516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/26 16:01:14.0812 3516 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/26 16:01:15.0031 3516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/26 16:01:15.0125 3516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/26 16:01:15.0218 3516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/26 16:01:15.0281 3516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/26 16:01:15.0359 3516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/26 16:01:15.0562 3516 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/26 16:01:15.0640 3516 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/26 16:01:15.0734 3516 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/26 16:01:15.0843 3516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/26 16:01:16.0015 3516 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/26 16:01:16.0062 3516 Ndisprot (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
2011/06/26 16:01:16.0140 3516 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/26 16:01:16.0218 3516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/26 16:01:16.0265 3516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/26 16:01:16.0328 3516 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/26 16:01:16.0406 3516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/26 16:01:16.0578 3516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/26 16:01:16.0656 3516 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/26 16:01:16.0765 3516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/26 16:01:16.0843 3516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/26 16:01:17.0109 3516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/26 16:01:17.0281 3516 nv (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/26 16:01:17.0546 3516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/26 16:01:17.0609 3516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/26 16:01:17.0703 3516 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/26 16:01:17.0812 3516 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/26 16:01:17.0984 3516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/26 16:01:18.0078 3516 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/26 16:01:18.0171 3516 PCANDIS5 (d0084a9ade989fe703e4f22171f4e4dc) C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
2011/06/26 16:01:18.0234 3516 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/26 16:01:18.0328 3516 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/26 16:01:18.0515 3516 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/26 16:01:18.0765 3516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/26 16:01:18.0828 3516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/26 16:01:18.0875 3516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/26 16:01:18.0937 3516 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/26 16:01:19.0171 3516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/26 16:01:19.0343 3516 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/26 16:01:19.0406 3516 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/26 16:01:19.0468 3516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/26 16:01:19.0531 3516 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/26 16:01:19.0609 3516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/26 16:01:19.0687 3516 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/26 16:01:19.0906 3516 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/26 16:01:20.0031 3516 s217bus (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
2011/06/26 16:01:20.0093 3516 s217mdfl (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
2011/06/26 16:01:20.0171 3516 s217mdm (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
2011/06/26 16:01:20.0250 3516 s217mgmt (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
2011/06/26 16:01:20.0328 3516 s217nd5 (11cc5d7f992799e7e75d018e9c018563) C:\WINDOWS\system32\DRIVERS\s217nd5.sys
2011/06/26 16:01:20.0578 3516 s217obex (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
2011/06/26 16:01:20.0656 3516 s217unic (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
2011/06/26 16:01:20.0750 3516 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/26 16:01:20.0843 3516 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys
2011/06/26 16:01:20.0984 3516 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys
2011/06/26 16:01:21.0109 3516 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys
2011/06/26 16:01:21.0203 3516 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys
2011/06/26 16:01:21.0281 3516 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys
2011/06/26 16:01:21.0343 3516 s816obex (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys
2011/06/26 16:01:21.0484 3516 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys
2011/06/26 16:01:21.0640 3516 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/26 16:01:21.0718 3516 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2011/06/26 16:01:21.0781 3516 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/26 16:01:21.0906 3516 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/26 16:01:22.0234 3516 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/26 16:01:22.0312 3516 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/06/26 16:01:22.0468 3516 SPBBCDrv (7314d3261fd973880e0fa31fa32f515b) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/26 16:01:22.0578 3516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/26 16:01:22.0781 3516 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/26 16:01:22.0859 3516 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/26 16:01:22.0937 3516 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys
2011/06/26 16:01:23.0031 3516 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/26 16:01:23.0156 3516 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/26 16:01:23.0296 3516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/26 16:01:23.0500 3516 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/26 16:01:23.0593 3516 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/26 16:01:23.0687 3516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/26 16:01:23.0812 3516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/26 16:01:23.0859 3516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/26 16:01:23.0953 3516 tifmsony (2c946b5dfbe608ec036f88d98658ef75) C:\WINDOWS\system32\drivers\tifmsony.sys
2011/06/26 16:01:24.0062 3516 TNPacket (52ab2f2b0d2fd7cc2fdb489c449feb8e) C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
2011/06/26 16:01:24.0171 3516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/26 16:01:24.0312 3516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/26 16:01:24.0468 3516 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/26 16:01:24.0578 3516 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/26 16:01:24.0640 3516 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/26 16:01:24.0734 3516 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/26 16:01:24.0796 3516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/26 16:01:24.0906 3516 UsbItf (0cdde991e84fa0e779aa9b7fabb7fdcb) C:\WINDOWS\system32\Drivers\UsbItf.sys
2011/06/26 16:01:24.0953 3516 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/26 16:01:25.0109 3516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/26 16:01:25.0156 3516 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/26 16:01:25.0234 3516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/26 16:01:25.0281 3516 V0220Dev (d6791fdb0f4851fb2b589632e131865b) C:\WINDOWS\system32\DRIVERS\V0220Dev.sys
2011/06/26 16:01:25.0421 3516 V0220Vfx (a0c643d5f8c60f12faa6e3454dfe9c32) C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys
2011/06/26 16:01:25.0562 3516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/26 16:01:25.0671 3516 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/26 16:01:25.0875 3516 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/06/26 16:01:26.0187 3516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/26 16:01:26.0296 3516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/26 16:01:26.0406 3516 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/26 16:01:26.0656 3516 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/26 16:01:26.0796 3516 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/26 16:01:26.0875 3516 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/26 16:01:26.0953 3516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/26 16:01:27.0046 3516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/26 16:01:27.0187 3516 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2011/06/26 16:01:27.0312 3516 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2011/06/26 16:01:27.0359 3516 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2011/06/26 16:01:27.0453 3516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/26 16:01:27.0609 3516 ================================================================================
2011/06/26 16:01:27.0609 3516 Scan finished
2011/06/26 16:01:27.0609 3516 ================================================================================
2011/06/26 16:01:27.0625 0932 Detected object count: 0
2011/06/26 16:01:27.0625 0932 Actual detected object count: 0
|
|
26.06.2011, 15:05
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 15:59
| #11 |
| | BKA-Trojaner: Log Prüfung Hi Arne, hier das ComboFix Log. Code:
ATTFilter ComboFix 11-06-25.05 - user1 26/06/2011 16:33:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.495 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\user1\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-010D-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EB-0D24-347CA8A3377C}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\user1\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\STEC3.sys
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-26 bis 2011-06-26 ))))))))))))))))))))))))))))))
.
.
2011-06-26 13:50 . 2011-06-26 13:50 -------- d-----w- C:\_OTL
2011-06-25 19:53 . 2011-06-25 19:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 19:53 . 2011-06-25 19:53 476904 ----a-w- c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-25 19:05 . 2011-06-25 19:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 17:37 . 2011-06-25 17:37 -------- d-----w- c:\dokumente und einstellungen\user1\Anwendungsdaten\Malwarebytes
2011-06-25 17:37 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 17:37 . 2011-06-25 17:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-06-25 17:37 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-25 17:36 . 2011-06-25 17:37 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-06-25 16:58 . 2011-06-25 16:58 -------- d-----w- c:\windows\l2schemas
2011-06-25 16:58 . 2011-06-25 16:58 -------- d-----w- c:\windows\system32\de
2011-06-25 16:58 . 2011-06-25 16:58 -------- d-----w- c:\windows\system32\bits
2011-06-25 16:48 . 2011-06-25 16:48 -------- d-----w- c:\windows\EHome
2011-06-23 10:44 . 2011-06-23 10:48 -------- d-----w- c:\dokumente und einstellungen\Administrator.NAME-467835018E
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2003-11-07 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"VAIO Update 2"="c:\programme\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"AVFX Engine"="c:\programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]
"OlStatusMon"="c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-01-03 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-09 198160]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-07-16 138584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\user1\Startmen\Programme\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-8-4 344064]
Yahoo! Widget Engine.lnk - c:\programme\Yahoo!\Widgets\YahooWidgetEngine.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="c:\programme\Spyware Doctor\sndoctor.exe.exe" /Q
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Dokumente und Einstellungen\\user1\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:E-MULE TCP
"4672:UDP"= 4672:UDP:*:Disabled:E-MULE UDP
.
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [12.11.2010 17:33 21504]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 olMntrService;olMntrService;c:\programme\Olivetti\ANY_WAY\olMntrService.exe [03.01.2006 11:36 69632]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [12.11.2010 17:33 252784]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.03.2010 21:32 27632]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [08.01.2010 16:48 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [08.01.2010 16:48 135664]
S3 HttpUsb;XML interface;c:\windows\system32\drivers\HttpUsb.sys [11.09.2006 19:00 31784]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12.11.2010 17:33 9216]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [31.07.2008 21:01 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [31.07.2008 21:01 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [31.07.2008 21:01 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [31.07.2008 21:01 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [31.07.2008 21:01 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [31.07.2008 21:01 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [31.07.2008 21:01 97704]
S3 sgbx_device;sgbx_device;c:\windows\system32\sgbxcoms.exe -service --> c:\windows\system32\sgbxcoms.exe -service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 17:44 9696]
S3 UsbItf;MF F@X activities;c:\windows\system32\drivers\UsbItf.sys [11.09.2006 19:00 10240]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [25.05.2007 08:30 145472]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [25.05.2007 08:30 6272]
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-08 14:48]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-08 14:48]
.
2011-06-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2005-11-21 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mlb.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Übertragen mit Image Converter 2 Plus - c:\programme\Sony\Image Converter 2\menu.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 195.50.140.118 195.50.140.180
FF - ProfilePath - c:\dokumente und einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\bcbdm93j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\programme\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\programme\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-HijackThis - c:\dokume~1\user1\LOKALE~1\Temp\Rar$EX00.188\HijackThis.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-26 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Sony\VAIO Event Service\VESMgr.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programme\Apoint\Apntex.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-26 16:50:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-26 14:49
.
Vor Suchlauf: 11 Verzeichnis(se), 26,050,912,256 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 28,338,458,624 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 509A96A7EA262979909B4649830E6E34
|
|
26.06.2011, 16:00
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 18:00
| #13 |
| | BKA-Trojaner: Log Prüfung Hi Arne, GMER hat wirklich eine Menge Zeit gebraucht, aber geschafft! Hier das GMER Log: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-26 18:44:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: ifi22yxu.exe; Driver: C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6768360, 0x1DD36D, 0xE8000020]
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:54:07 on 26.06.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Symantec NetDetect.job" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "Avira AntiVir PersonalEdition Classic Konfiguration" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS "DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS "DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS "DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS "DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS "DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS "GreenPacket NDIS Protocol Driver" (Ndisprot) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ndisprot.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\user1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MF F@X activities" (UsbItf) - "OEM" - C:\WINDOWS\System32\Drivers\UsbItf.sys "PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys "pwpcrkoc" (pwpcrkoc) - ? - C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys "T-Systems Nova Packet Capture Driver" (TNPacket) - "T-Systems Nova GmbH" - C:\Programme\T-DSL SpeedManager\TNPACKET.SYS "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys "XML interface" (HttpUsb) - "OEM" - C:\WINDOWS\System32\Drivers\HttpUsb.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? - (File not found | COM-object registry key not found) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\Yinsthelper.dll / C:\Programme\Yahoo!\Common\Yinsthelper.dll {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab {9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\desktop.ini "Picture Motion Browser Media Check Tool.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Shortcut exists | File exists) "Yahoo! Widget Engine.lnk" - ? - C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\Yahoo! Widget Engine.lnk (Shortcut exists | File not found) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Creative Live! Cam Manager" - "Creative Technology Ltd." - "C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "AVFX Engine" - "Creative Technology Ltd." - C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe "avgnt" - "Avira GmbH" - "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "OlStatusMon" - "Olivetti" - "C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "UIExec" - ? - "C:\Programme\Mobile Partner Manager\UIExec.exe" (File found, but it contains no detailed information) "VAIO Update 2" - ? - "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Crystal Port" - "Sagem" - C:\WINDOWS\system32\sgbxlmpm.dll "Printer Port" - "Sagem" - C:\WINDOWS\system32\sgbxlmpm.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe "AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod Service" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe "MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe "MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe "olMntrService" (olMntrService) - "Olivetti" - C:\Programme\Olivetti\ANY_WAY\olMntrService.exe "PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe "RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "sgbx_device" (sgbx_device) - "Sagem" - C:\WINDOWS\system32\sgbxcoms.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe "Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE "Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe "TSMService" (TSMService) - "T-Systems Nova, Berkom" - C:\Programme\T-DSL SpeedManager\tsmsvc.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\Mobile Partner Manager\AssistantServices.exe (File found, but it contains no detailed information) "VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe "VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe "VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe "VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Und das MBRCheck Log: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7A0C000 \WINDOWS\system32\KDCOM.DLL
0xF791C000 \WINDOWS\system32\BOOTVID.dll
0xF73DC000 ACPI.sys
0xF7A0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73CB000 pci.sys
0xF750C000 isapnp.sys
0xF751C000 ohci1394.sys
0xF752C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7920000 compbatt.sys
0xF7924000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AD4000 pciide.sys
0xF778C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A10000 intelide.sys
0xF73AD000 pcmcia.sys
0xF753C000 MountMgr.sys
0xF738E000 ftdisk.sys
0xF7928000 ACPIEC.sys
0xF7AD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7794000 PartMgr.sys
0xF754C000 VolSnap.sys
0xF7376000 atapi.sys
0xF755C000 disk.sys
0xF756C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7356000 fltmgr.sys
0xF7344000 sr.sys
0xF757C000 PxHelp20.sys
0xF732E000 DRVMCDB.SYS
0xF7317000 KSecDD.sys
0xF7304000 WudfPf.sys
0xF7277000 Ntfs.sys
0xF724A000 NDIS.sys
0xF758C000 Combo-Fix.sys
0xF7230000 Mup.sys
0xF75AC000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF777C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79D0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6768000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6754000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF672C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7854000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6708000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF785C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF66EB000 \SystemRoot\system32\drivers\tifmsony.sys
0xF63C9000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF63A3000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7864000 \SystemRoot\System32\Drivers\SonyNC.sys
0xF75BC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF786C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF638C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7874000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6B04000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF787C000 \SystemRoot\system32\drivers\Afc.sys
0xF7A28000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF6AF4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6AE4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6369000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7884000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7BB5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6AD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79DC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6352000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6AC4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6AB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF788C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6319000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6AA4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7894000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF789C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6A94000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78A4000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xF7A2A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF62BB000 \SystemRoot\system32\DRIVERS\update.sys
0xF79EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A84000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF3EB7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3E93000 \SystemRoot\system32\drivers\portcls.sys
0xF6A74000 \SystemRoot\system32\drivers\drmk.sys
0xF3E67000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xF3D6A000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF3CBB000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78AC000 \SystemRoot\System32\Drivers\Modem.SYS
0xF75CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A32000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7ADE000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A34000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78CC000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF78D4000 \SystemRoot\System32\drivers\vga.sys
0xF7A36000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A38000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78DC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78E4000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF71DF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3C88000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3C2F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3C07000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF71D7000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\ndisprot.sys
0xF3BE5000 \SystemRoot\System32\drivers\afd.sys
0xF75FC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3B97000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF760C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF3B6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3AFC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF761C000 \SystemRoot\System32\Drivers\Fips.SYS
0xF762C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7B33000 \SystemRoot\system32\DRIVERS\DMICall.sys
0xF7A3C000 \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
0xF766C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3AE4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A42000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6336000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7904000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BE9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF774C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7BB7000 \SystemRoot\System32\DLA\DLADResN.SYS
0xBA772000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF79A8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7A60000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF77B4000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xBA75A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xBA744000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xBA73C000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA738000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA670000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3F7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA434000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xBA46C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA1C0000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA0BC000 \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
0xB9F67000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA5C4000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9AF0000 \SystemRoot\System32\Drivers\HTTP.sys
0xF77EC000 \??\C:\ComboFix\catchme.sys
0xF7A68000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB8693000 \??\C:\DOKUME~1\user1\LOKALE~1\Temp\pwpcrkoc.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 62):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
880 csrss.exe
904 C:\WINDOWS\system32\winlogon.exe
948 C:\WINDOWS\system32\services.exe
960 C:\WINDOWS\system32\lsass.exe
1144 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1356 C:\WINDOWS\system32\svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1520 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1560 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1608 svchost.exe
1732 svchost.exe
152 C:\WINDOWS\system32\spoolsv.exe
636 svchost.exe
668 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
692 C:\Programme\AntiVir PersonalEdition Classic\sched.exe
708 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
744 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
772 C:\Programme\Bonjour\mDNSResponder.exe
924 C:\Programme\Java\jre6\bin\jqs.exe
1312 C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
1800 C:\WINDOWS\system32\nvsvc32.exe
1816 C:\Programme\Olivetti\ANY_WAY\olMntrService.exe
1868 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
208 C:\WINDOWS\system32\svchost.exe
320 C:\Programme\Mobile Partner Manager\AssistantServices.exe
412 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
580 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
1444 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
1808 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
2692 alg.exe
3256 C:\WINDOWS\system32\svchost.exe
3544 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1272 C:\Programme\Apoint\Apoint.exe
1152 C:\Programme\Apoint\ApntEx.exe
4036 C:\WINDOWS\RTHDCPL.EXE
4060 C:\WINDOWS\system32\ico.exe
996 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
2112 C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
2408 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
2668 C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
760 C:\WINDOWS\V0220Mon.exe
752 C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe
2968 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3016 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
3144 C:\Programme\Mobile Partner Manager\UIExec.exe
3348 C:\Programme\iTunes\iTunesHelper.exe
3448 C:\Programme\DivX\DivX Update\DivXUpdate.exe
3504 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
3396 C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
340 C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
3432 C:\Programme\iPod\bin\iPodService.exe
3580 C:\WINDOWS\explorer.exe
3632 C:\WINDOWS\system32\wscntfy.exe
1476 C:\Dokumente und Einstellungen\user1\Desktop\ifi22yxu.exe
2316 C:\WINDOWS\system32\igfxsrvc.exe
3488 C:\Programme\Mozilla Firefox\firefox.exe
1208 C:\Dokumente und Einstellungen\user1\Desktop\osam_autorun_manager_5_0_portable\osam.exe
3944 C:\Dokumente und Einstellungen\user1\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`63719c00 (NTFS)
PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
|
|
27.06.2011, 09:46
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner: Log Prüfung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.06.2011, 19:00
| #15 |
| | BKA-Trojaner: Log Prüfung Hi Arne, vielen Dank für die Antwort, ich werde die Logs posten, sobald ich von der Arbeit zurückkomme. Inzwischen eine Frage: Falls das System nach den letzten Logs als clean bezeichnet werden könnte, wäre dann in Ordnung beispielsweise Online-Banking, Emails usw. erneut zu benutzen? Natürlich nach Änderung der PIN bzw. der Passwörter... Oder wäre besser das System komplett neu aufzusetzen? Danke, bis später |
|
| Themen zu BKA-Trojaner: Log Prüfung |
| adobe, adware.mywebsearch, anti-malware, antivirus, code, dateien, einstellungen, explorer, kaspersky, link, löschen, malware.trace, malwarebytes, mein log, microsoft, rechner, rogue.link, rogue.winantivirus, safer networking, security, service, software, tools, trojan.zlob, trojaner-board, version |
Textbox.
.
