
Log analysis and evaluation: Opened file dhm.scr with Bifrose / Bifrost - is my PC infected?


23.05.2010, 12:34   #1
rwjstoehr

Hello,
in hindsight I have found that the file dhm.scr, which I ran via right-click - "Test" -, could contain Bifrose / Bifrost. Norton SONAR did stop the execution with the message "Suspicious activity" and deleted the file, but I do not know whether an infection happened anyway.

My computer is not showing any suspicious behaviour so far. My question: what signs would my computer show if it were infected?

Here is the HijackThis log in any case:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:19:57, on 23.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\Documents\RST-root\2-Operations\Software\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Qbyrd Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: Qbyrd Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [DRCU] "C:\Program Files\Sony\DRCU\DRCU.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Genie 4\pdfshell.dll
O9 - Extra 'Tools' menuitem: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Genie 4\pdfshell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - h**p://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 4G USB-Plug Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (h**p) (VAIOMediaPlatform-IntegratedServer-h**p) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (h**p) (VAIOMediaPlatform-UCLS-h**p) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: soft Xpansion Print2Document (WPEServ) - soft Xpansion - C:\Program Files\Common Files\WPE\wpeserv.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\XSManager\wtgservice.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14661 bytes
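The HijackThis log above is what the helpers read by eye. As an added example (not code from the thread, the poster, or HijackThis), here is a small Python triage script over the O4 autorun and O23 service lines. The sample input is constructed: six lines copied from the log above plus one made-up HKCU autorun entry named [example]; the trusted-directory list, the remote-access service list and every rule are assumptions chosen for this example. A hit is a prompt to verify an entry, not a finding of infection.

```python
"""Triage helper for the O4 (autorun) and O23 (service) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis: it turns a pasted
log into a short list of entries worth a second look. Every rule here is a
heuristic chosen for this example; a hit means "verify", not "infected".
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the HijackThis log in post #1, plus ONE
# made-up autorun entry ([example]) so the user-profile check has something to hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [example] C:\Users\user\AppData\Roaming\example\example.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")  # last "(...)" group of a service description

# Directories where software installed by an administrator normally lives (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Service short names that accept inbound remote connections (assumption for this example).
REMOTE_ACCESS_SERVICES = {"teamviewer5", "rpcapd"}


@dataclass(frozen=True)
class Finding:
    kind: str    # which rule fired
    entry: str   # autorun name or service short name
    exe: str     # executable the entry points at
    reason: str  # what the responder should do with it


def exe_path(text: str) -> Optional[str]:
    """Pull the first drive-letter path ending in .exe out of a command line."""
    m = EXE_RE.search(text)
    return m.group(0) if m else None


def in_trusted_dir(exe: str) -> bool:
    return exe.lower().startswith(TRUSTED_DIRS)


def service_short_name(desc: str) -> str:
    """'TeamViewer 5 (TeamViewer5)' -> 'TeamViewer5'; a bare name is returned as-is."""
    m = SHORT_NAME_RE.search(desc)
    return m.group(1) if m else desc


def analyze(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            exe = exe_path(m["cmd"])
            if exe and not in_trusted_dir(exe):
                findings.append(Finding("autorun-outside-program-dirs", m["name"], exe,
                    "autorun from a user-writable directory: check publisher, signature and hash"))
        elif (m := O23_RE.match(line)):
            short, owner, path = service_short_name(m["desc"]), m["owner"], m["path"]
            exe = exe_path(path) or path
            if "(file missing)" in path:
                findings.append(Finding("service-file-missing", short, exe,
                    "service points at a binary that is gone: uninstall leftover or removed payload, delete the entry"))
            elif not in_trusted_dir(exe):
                findings.append(Finding("service-outside-program-dirs", short, exe,
                    "service binary outside the usual install directories: verify it"))
            if exe.lower().endswith("\\program.exe"):
                findings.append(Finding("unquoted-path-artifact", short, exe,
                    "C:\\Program.exe is an unquoted 'C:\\Program Files\\...' path cut at the first space"))
            if owner == "Unknown owner":
                findings.append(Finding("service-unknown-owner", short, exe,
                    "no company name in the version info: not malicious by itself, but worth a look"))
            if short.lower() in REMOTE_ACCESS_SERVICES:
                findings.append(Finding("remote-access-service", short, exe,
                    "service accepts remote connections: confirm it is wanted and not exposed to untrusted networks"))
    return findings


def count_by_kind(findings: list) -> dict:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.entry}: {f.exe}\n    {f.reason}")
```

On the sample it reports the two orphaned service entries (CLTNetCnService and MySQL, the latter pointing at C:\Program.exe, the classic trace of an unquoted "C:\Program Files\..." service path cut at the first space), the two services that accept remote connections (TeamViewer, rpcapd) and the one autorun under the user profile; the Apoint and Picasa entries produce nothing. None of that says the machine is infected; it tells a responder which of the many lines to check first.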

23.05.2010, 22:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

24.05.2010, 10:46   #3
rwjstoehr

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4134

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.05.2010 11:37:08
mbam-log-2010-05-24 (11-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 383772
Laufzeit: 2 Stunde(n), 31 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\irgendwo in einem Dateiarchiv\***\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\irgendwo in einem Dateiarchiv\***\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

The two reported files were not opened on this machine; they sit in an old archive c:\user\documente\archive\... and are also rated clean by Norton, Webroot etc. They were already there before the presumed infection with Bifrose/Bifrost.

24.05.2010, 10:57   #4
rwjstoehr

Code:
OTL logfile created on: 24.05.2010 11:49:04 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\user\Documents\RST-root\2-Operations\Software
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 158,70 Gb Total Space | 67,80 Gb Free Space | 42,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SONY-VAIO-SZ71M
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Documents\RST-root\2-Operations\Software\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Netdrive\ndsvc.exe (SolutionBox)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Common Files\WPE\wpeserv.exe (soft Xpansion)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\user\Documents\RST-root\2-Operations\Software\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WDFNet) --  File not found
SRV - (SeaPort) --  File not found
SRV - (gusvc) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ndsvc) -- C:\Program Files\Netdrive\ndsvc.exe (SolutionBox)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (WPEServ) -- C:\Programme\Common Files\WPE\wpeserv.exe (soft Xpansion)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (4G USB-Plug Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-h**p) VAIO Media Content Collection (h**p) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-h**p) VAIO Media Integrated Server (h**p) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe (Sony Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100522.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100522.003\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (ndfs) -- C:\Programme\Netdrive\ndfs.sys (SolutionBox)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HPFXFAX) -- C:\Windows\System32\drivers\hpfxfax.sys (Hewlett Packard)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (UPATC) -- C:\Windows\System32\drivers\upatc.sys (SCM Microsystems Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009.11.15 13:17:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.01 13:25:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.02.24 19:30:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\components [2010.05.01 13:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\plugins [2010.05.11 19:12:53 | 000,000,000 | ---D | M]
 
[2010.01.16 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.05.13 12:39:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions
[2010.01.16 11:56:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.24 13:40:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
 
O1 HOSTS File: ([2010.02.23 20:43:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DRCU] C:\Program Files\Sony\DRCU\DRCU.exe (Sony Corporation)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\Windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 4\pdfshell.dll (soft Xpansion)
O9 - Extra 'Tools' menuitem : An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 4\pdfshell.dll (soft Xpansion)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: trustcenter.de ([www] h**ps in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} h**p://download.sopcast.cn/download/SOPCORE.CAB (SopCore Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O30 - LSA: Authentication Packages - (ft Co) -  File not found
O30 - LSA: Security Packages - (X2嘀㬪蘁 獭ㅶた搮汬) -  File not found
O30 - LSA: Security Packages - (>뻯㭙娵㭙娵&) -  File not found
O30 - LSA: Security Packages - (껄) -  File not found
O30 - LSA: Security Packages - () -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{022865df-1c05-11df-abac-001e3d3aec96}\Shell - "" = AutoRun
O33 - MountPoints2\{022865df-1c05-11df-abac-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{067049e1-1a72-11df-b2b8-001e3d3aec96}\Shell - "" = AutoRun
O33 - MountPoints2\{067049e1-1a72-11df-b2b8-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{067049f8-1a72-11df-b2b8-001e3d3aec96}\Shell - "" = AutoRun
O33 - MountPoints2\{067049f8-1a72-11df-b2b8-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{455d0e56-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun
O33 - MountPoints2\{455d0e56-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{455d0e9b-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun
O33 - MountPoints2\{455d0e9b-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{455d0f4c-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun
O33 - MountPoints2\{455d0f4c-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{9821c3f3-f420-11dc-b142-001e3d3aec96}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{b28a9cce-6fea-11de-9ccf-001a805b6367}\Shell - "" = AutoRun
O33 - MountPoints2\{b28a9cce-6fea-11de-9ccf-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{b8287cb8-1b3d-11df-a294-001e3d3aec96}\Shell - "" = AutoRun
O33 - MountPoints2\{b8287cb8-1b3d-11df-a294-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cbc33751-102c-11dd-ac1e-001a805b6367}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc33751-102c-11dd-ac1e-001a805b6367}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{b7a07dcb-f41f-11dc-83cc-806e6f6e6963}\bootwiz\asrm.bin) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.21 18:39:35 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.05.21 18:39:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.21 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010.05.21 18:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.21 18:25:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.21 18:25:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.21 18:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.21 18:01:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.11 19:12:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.11 19:12:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.11 19:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.11 19:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.08 12:15:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.08 12:15:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.01 19:16:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.01 19:16:33 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.05.01 19:11:48 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.01 18:37:41 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.24 11:51:02 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.24 11:51:02 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.24 11:50:17 | 005,505,024 | ---- | M] () -- C:\Users\user\ntuser.dat
[2010.05.23 20:01:33 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E80.LCS
[2010.05.23 14:52:53 | 000,020,446 | ---- | M] () -- C:\Users\user\AppData\Roaming\mainhst.zgh
[2010.05.23 13:51:08 | 000,131,879 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.001
[2010.05.23 13:50:43 | 000,004,381 | ---- | M] () -- C:\Windows\win.ini
[2010.05.23 13:50:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.23 13:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.23 13:50:22 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.23 13:48:52 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.23 13:48:34 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{71d2cd40-b470-11dd-8797-001a805b6367}.TMContainer00000000000000000001.regtrans-ms
[2010.05.23 13:48:34 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{71d2cd40-b470-11dd-8797-001a805b6367}.TM.blf
[2010.05.23 13:48:24 | 003,476,739 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010.05.21 18:25:31 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 18:07:18 | 000,035,274 | ---- | M] () -- C:\Users\user\Documents\cc_20100521_180706.reg
[2010.05.21 18:01:30 | 000,001,670 | ---- | M] () -- C:\Users\user\Desktop\CCleaner.lnk
[2010.05.20 17:39:13 | 001,573,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.20 17:39:13 | 000,678,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.20 17:39:13 | 000,636,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.20 17:39:13 | 000,147,018 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.20 17:39:13 | 000,119,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.14 12:49:06 | 000,455,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 00:25:15 | 000,304,160 | ---- | M] () -- C:\SPC230NC.DAT
[2010.05.08 12:15:41 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.08 12:15:40 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.01 19:17:31 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.01 18:37:47 | 000,001,020 | ---- | M] () -- C:\Users\user\Desktop\FrostWire 4.20.6.lnk
[2010.05.01 18:17:52 | 000,000,752 | ---- | M] () -- C:\Users\user\Desktop\µTorrent.lnk
[2010.05.01 14:27:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.21 18:25:30 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 18:07:09 | 000,035,274 | ---- | C] () -- C:\Users\user\Documents\cc_20100521_180706.reg
[2010.05.21 18:01:30 | 000,001,670 | ---- | C] () -- C:\Users\user\Desktop\CCleaner.lnk
[2010.05.01 19:17:31 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.01 18:37:46 | 000,001,020 | ---- | C] () -- C:\Users\user\Desktop\FrostWire 4.20.6.lnk
[2010.05.01 18:17:51 | 000,000,752 | ---- | C] () -- C:\Users\user\Desktop\µTorrent.lnk
[2010.02.25 21:44:11 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2009.09.27 13:40:02 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2009.09.13 12:23:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.04 00:50:10 | 000,000,137 | ---- | C] () -- C:\Windows\oports.INI
[2009.08.22 15:10:11 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2009.06.01 12:27:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.13 00:37:15 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.12.06 20:15:14 | 003,086,336 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2008.12.06 20:15:14 | 003,086,336 | ---- | C] () -- C:\Windows\System32\flvvideo.dll
[2008.12.06 20:15:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.06 20:15:14 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.12.06 20:00:43 | 007,277,568 | ---- | C] () -- C:\Windows\System32\iPodmedia.dll
[2008.11.22 20:15:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.08.15 19:40:59 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2008.08.15 19:40:57 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2008.04.06 11:31:37 | 000,000,221 | ---- | C] () -- C:\Windows\wpd99.drv
[2008.04.03 18:48:55 | 000,118,784 | ---- | C] () -- C:\Windows\System32\pdfmona.dll
[2008.04.03 18:48:55 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008.03.21 19:45:06 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.03.21 19:45:06 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.03.21 19:45:06 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2008.03.21 19:45:06 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008.03.21 19:45:06 | 000,182,784 | ---- | C] () -- C:\Windows\System32\DGVorbis.dll
[2008.03.21 19:45:06 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.03.21 19:45:06 | 000,118,784 | ---- | C] () -- C:\Windows\System32\MP3DEE.DLL
[2008.03.21 19:45:06 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008.03.21 19:45:05 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kwab.dll
[2008.03.19 17:50:13 | 001,482,240 | ---- | C] () -- C:\Windows\System32\PDFCtrl.dll
[2008.03.19 17:50:12 | 001,607,680 | ---- | C] () -- C:\Windows\System32\iPostCtl.dll
[2008.03.19 17:50:11 | 001,860,096 | ---- | C] () -- C:\Windows\System32\iFaxCtrl.dll
[2008.03.17 22:59:57 | 000,000,494 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.02 05:26:55 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.02.02 05:15:50 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008.01.09 11:08:32 | 000,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.10.30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.10 20:42:42 | 000,000,182 | ---- | C] () -- C:\Windows\Comcenter.ini
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
[2000.02.24 05:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\System32\ODBCMON.DLL
< End of report >
Alt 24.05.2010, 11:00   #5
rwjstoehr

Opened file dhm.scr with Bifrose / Bifrost - is my PC infected?

Code:
OTL Extras logfile created on: 24.05.2010 11:49:04 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\user\Documents\RST-root\2-Operations\Software
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 158,70 Gb Total Space | 67,80 Gb Free Space | 42,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SONY-VAIO-SZ71M
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-655030806-4062572646-3381737835-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09335B0C-8DFA-468C-ABF0-9A4E7949BC86}" = lport=139 | protocol=6 | dir=in | app=system | 
"{15100C31-53AE-4B75-9345-CF81D8D07716}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{2752F847-277C-4286-B067-5EDB2549A92F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2BC725ED-A0DD-4E4C-8706-E96D9752A33A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{427B7C73-53A9-4101-AC53-44A2B70799AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{51BE50AC-B1B1-407C-B743-E545A7B46A2F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{525265AC-0C92-4FA3-A34A-338958F1889A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5508461D-453D-4500-979D-A4B401132C23}" = rport=137 | protocol=17 | dir=out | app=system | 
"{62F6F0EE-6F35-4464-8251-98AB3F85EBB2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6A4AA0BE-715D-42AA-A82B-DA786AD178E0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6BB0B237-28C1-4140-90E2-6307FD843BEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6F6751C2-BE17-472C-8DB4-D1124E74861D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7704851E-AE15-4591-B120-565D9F9CB092}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8CAF8EBE-4776-4DA9-B71E-771A507ACDEB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8CBBA483-1DD5-4AF2-BF4A-A520D093AD01}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8E6BEC12-20B3-4B2A-87F4-1D9B53666B00}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A3287862-2F43-4365-98D8-34F3669EEBF3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{A3F35279-570A-4BA8-97E1-C83D9E85647E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{A950FD6F-FF2C-4583-9408-3BC391E5D171}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AB6B5687-8C61-437C-A415-4956A68E8250}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC07CF9B-1EB9-4143-8A53-274403F5D967}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AF96E1E2-F312-4ABA-8BF1-2600BB7B2172}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BB5833AA-A754-44A9-B365-DC6DF05EEE3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CD36592B-FCBB-41AE-971F-66A912274DE6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D27F6559-92BC-4B28-AD5B-69D400FBD77D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E6F41E3B-6120-44CC-9494-1D0BCF4B8028}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1981185-0D8C-4917-B6D1-30FB1046E355}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F24BEAFF-DD30-433F-89B0-F66DF169BF6C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F9B6F402-8463-4B7D-A667-0409CA464024}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FAB8BC49-6C15-4323-8DAE-ADB485B9475E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001903F2-ABDF-4BDE-809A-35B277A5685D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{03A04389-7C3E-46A7-A3BE-69BE35FCC1BE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{09AAA4C5-57DB-4F5C-8DA8-8E20C6EE88A1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1632056A-CC75-4B50-9861-53422F8952A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{16529536-9428-4247-9076-09304A5FC66A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2070A4E0-8707-4145-9CF1-117F6C29F75F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2A7E8E2A-757B-4E3C-A391-AB2DCF374DF7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2AF71FC3-0CED-424F-8986-63BD081A1F3B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{30B342A3-48F3-4310-9044-6792741ACE1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3E549F01-4279-450D-92E1-8030ED4773FA}" = protocol=6 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe | 
"{3E780494-4195-4154-8A42-1BF9D7DD3CD3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{47F8D613-F860-418D-A334-9882C7AF61B5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{4E0B56AE-EF3D-448F-9481-30456CC3DFC8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5833AC00-89C2-483F-9501-81A989E8B847}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe | 
"{5CAA651A-7E29-4DAA-BDE5-8AD86BB3D45B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{6AD90132-36CD-4AE8-AB18-154AE56E43D7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6E3EC88B-F909-41A9-857B-1A0E18BB0C75}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6E50FFD0-E910-42D9-8239-CAA32845FF37}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | 
"{718C0C5A-9CE3-4B1C-8E71-99EA1A6634C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7225CE02-771E-4A78-AA88-BBDA6BD1717F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{7B32A2F3-2DF8-46DC-A1FC-39BC07187C6B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7C57A760-04AF-4942-9887-EF59EC197DCD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{855F8046-3908-4D92-B70F-1FB9FEA1D41B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{86C3A258-CC68-487B-AD65-83FA9E37D6F8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{87DF37EE-7B4A-42A6-9CC1-827F54075D32}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{87EB7C91-30B7-49AA-82E5-B2FC6300F6EB}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | 
"{977C4423-A59C-4616-9F02-1E3580A7B60C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{97970F1F-0E23-43D5-9DEA-97BF7712CE33}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{98B20838-61B5-4C56-8D2B-5E2952759C9B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9E600CCF-9E00-446B-A79F-3BFAEDD48A26}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{A09021D3-6D19-4A1D-A153-E79B7623B6B7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{A3C65399-905C-48F8-AFBC-4B24FB849CB7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{A7C51AD6-32AF-41AF-8384-C2C7F43C9AF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ACCAC950-C3D7-47E2-8771-F374CB04B3A0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE9F17E5-54B8-4758-94CE-2E342A627950}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe | 
"{C2F3A8C9-01F0-441E-B809-41FB9593D7FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CC9DE5AC-3B6D-40DB-9F55-6D749ABAFC55}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CDDC9ECA-AEEA-4503-9A79-1E255B14D4A4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D5B1C37B-EDDE-4940-BB5B-DD567A3EE34A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D5EBF0BC-FD06-4DC8-B16B-2CC26E711403}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D88775FA-5B02-495B-AB37-DE589612DE61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DB14FD30-A8F8-4039-962C-9976EDF8AE09}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DC6B88E4-B9C8-4C07-9A27-38438D5B58F0}" = protocol=17 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe | 
"{DC91F975-C1BA-4644-A1DD-6842AC3CAB02}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DCFAC61E-BD86-455D-8F43-4FF820596BA2}" = dir=in | app=c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe | 
"{E6AE1690-E1B7-44CB-86B0-57D8F75021ED}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E6DADCCE-08DC-4512-884B-526F1769A258}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | 
"{ECF1A494-453F-4F46-9C5F-35A9C33D563D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F05994C2-6CA5-4D06-9E7F-1901E41CACB5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8037FE6-5B09-49B0-B35D-BCEF9C3D640F}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | 
"{F851AB4B-C1B7-43BA-B297-04AEA8959139}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FFAF6477-8285-4999-BEEF-121F06F993B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1B2626EF-067B-4A9B-9104-85BA8B43CA09}" = SafeGuard® PrivateCrypto 2.11.1 - Unlicensed Version
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E2F70D-B287-407D-9B5C-9D8B4C388D1A}" = hppPQVideoCM1312
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{282E3F81-CC37-44AF-8156-C35104D21033}" = Nero 7 Essentials
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C2943D2-61CB-4F91-A3DA-A50FA1E93F54}" = bcWebCam
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2E6567D5-BCDA-4A7B-855F-687480D0835C}" = Gantt Designer
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3344F175-63B2-4435-8757-16613315E61C}" = Netdrive
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6970AAC9-A97B-4F89-A887-2F0636791E10}" = VAIO Status Monitor
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6DD822CC-4CDD-4949-9000-CE62C3B22B26}" = hppSendFaxCM1312
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FAF7261-8F5F-411B-9FD1-93CBCF701DAD}" = hpzTLBXFX
"{70294646-CF46-4223-A2F4-EDC6A8420B2A}" = hppFaxUtilityCM1312
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.0
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92E2CA49-B6B9-4FE2-A39B-F6EA18AC5405}_is1" = Auslogics Task Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9930D47E-BF88-4EED-9531-CC9EDAE1E448}" = hppscanCM1312
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1EA13D0-40C6-4DFC-98D6-6A8AB501DA63}" = hppCLJCM1312
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C793675F-0692-4969-A9D4-C191EFBF5518}" = hppScanToCM1312
"{C88386DE-0D91-4738-9ABD-A991D118A191}" = HiNetRecorder
"{C915F8C1-A885-4289-B1B0-D2E56F1B15C8}_is1" = FlowHeater® 1.1.3
"{CCA3335D-2BA0-4C31-8A90-D6B50CDE452F}" = WISO Mein Geld 2010 Professional
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9AE5B83-86A9-4D59-9F62-104A884BDAAC}" = hppFaxDrvCM1312
"{DD074614-2EF5-4F41-9073-2769191C0CA0}" = EASY Office
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF30AD3D-50DE-4C6B-9435-56C22A99F9FA}" = hppTLBXFXCM1312
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F412B21E-9FEF-4FFC-ABFC-9DC9C5A69A1B}" = hppManualsCM1312
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FB1DADB7-462D-4163-B803-23EB846F3D8A}" = AbelCam
"{FB557C20-AF8C-471E-AB56-0EBE5ECD007C}" = MySQL Workbench 5.1 OSS
"{FF29ABB2-357B-4A0F-8CD2-ADBFF0BCFB3E}" = YearPlanner
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Amaya" = Amaya
"CCleaner" = CCleaner
"Clickster16341" = Clickster
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CONVERT_is1" = CONVERT
"CSVed_is1" = CSVed 1.4.8b
"Directory Compare_is1" = Directory Compare
"DiskAid_is1" = DiskAid 3.11
"dt icon module" = 
"Effective-Planner_is1" = Effective-Planner v1.3.0.14
"ElsterFormular  ***unknown variable buildnummer***" = ElsterFormular 
"FastStone Capture" = FastStone Capture 5.3
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FinePrint" = FinePrint
"Free Download Manager_is1" = Free Download Manager 2.5
"Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Freez iPod Video Converter 1.5_is1" = Freez iPod Video Converter
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"FrostWire" = FrostWire 4.20.6
"FSC External Modem Driver_is1" = FSC External Modem 2.0.1
"GMX SMS-Manager" = GMX SMS-Manager
"gtfirstboot Setting Request" = 
"HDBPPCStd_is1" = HanDBase® for Pocket PC/Windows Mobile v3.5
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IE PassView" = IE PassView
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"ipnetinfo" = ipnetinfo
"IrfanView" = IrfanView (remove only)
"LiveEditor_is1" = LiveEditor 2.0.4
"Macro Mania_is1" = Macro Mania v12.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = Vaio Marketing Tools
"MessageGroups 1.0" = MessageGroups 1.0
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2005b" = Microsoft Money 2005
"Moo0 SystemMonitor" = Moo0 SystemMonitor 1.38
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3 Audio Editor" = Mp3 Audio Editor
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Open Ports Scanner_is1" = Open Ports Scanner 2.4
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Orbit_is1" = Orbit Downloader
"PapierZuPDF" = PapierZuPDF
"PDF Genie 4_is1" = DATA BECKER PDF Genie 4
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"pdfFactory Pro" = pdfFactory Pro
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"ProMa5_FREE" = ProMa FREEWARE
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PTS Waterfall Charter_is1" = PTS Waterfall Charter 1.11
"Q1" = QTime GmbH Q1
"RedBox_is1" = RedBox 7.0
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Run BASIC v1.01 Free Edition" = Run BASIC v1.01 Free Edition
"s25atonce_is1" = s25atonce 3.6.8
"Security Task Manager" = Security Task Manager 1.7f
"Shop for HP Supplies" = Shop for HP Supplies
"Siemens DCA-140/540 USB Treiber_is1" = Siemens DCA-140/540 USB Treiber 1.0.7
"Signature995" = Signature995
"SopCast" = SopCast 2.0.4
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"TeamViewer 5" = TeamViewer 5
"Total Organizer_is1" = Total Organizer
"TuneUp Utilities" = TuneUp Utilities
"URLSnooper 2_is1" = URL Snooper v2.23.01
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Standard" = 
"Web Page Maker_is1" = Web Page Maker V3.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta5
"WISO Mein Geld 2010 Professional" = WISO Mein Geld 2010 Professional
"WYSIWYG_Web_Builder_5" = WYSIWYG Web Builder 5.0 
"XSManager" = XSManager
"Yahoo! Messenger" = Yahoo! Messenger
"yEd Graph Editor 3.4.0.2" = yEd Graph Editor 3.4.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"H2" = H2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


24.05.2010, 12:14   #6
rwjstoehr

File dhm.scr opened with Bifrose / Bifrost - is my PC infected?

And just in case, here is the VirusTotal result for the files reported by the malware scan:
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.05.10 Win32.SuspectCrc!IK
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 -
Antiy-AVL 2.0.3.7 2010.05.24 -
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 -
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 -
DrWeb 5.0.2.03300 2010.05.24 -
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7506 2010.05.24 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 -
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 Win32.SuspectCrc
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 -
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 Generic Malware
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.03 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 CRCK_FPRINT.A
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 CRCK_FPRINT.A
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -
weitere Informationen
File size: 64000 bytes
MD5...: fad32224a5cd23ecf23e6e135bfd2228
SHA1..: a00e8313ef227c545b66a3631a88d89516c7c3bf
SHA256: 4ec2a023dcac06eb9e491919a25f283abd8f29f69f3f547588df617fdeed93ae
ssdeep: 1536:H1yTfeQpqZgEYklWga+shtEO8WXWLlq1++VZ:VyjdpggEjWgHEeO8Ww3+VZ

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x33e40
timedatestamp.....: 0x44d4ceac (Sat Aug 05 17:00:28 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x24000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x25000 0xf000 0xf000 7.92 199d65c066fa70419b733a3805e2a6a3
.rsrc 0x34000 0x1000 0x600 1.91 e44c66aa8f1cad7dbf167a4a32323421

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> GDI32.dll: CreateSolidBrush
> USER32.dll: EndDialog

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (Kaspersky): UPX
packers (F-Prot): UPX

Alt 24.05.2010, 14:19   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Infizierte Dateien:
C:\irgendwo in einem Dateiarchiv\***\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\irgendwo in einem Dateiarchiv\***\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

The two reported files were not opened on this machine; they sit in an old archive c:\user\documente\archive\... and are also rated clean by Norton, Webroot, etc. They were already there before the supposed Bifrose/Bifrost infection.
That may all be true, but when something like a keygen shows up in the logs, support is discontinued...

The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you, it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software quite often contains keyloggers and backdoor functions as well.

After that, never touch anything like that again!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
