Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Combofix Log Computer verseucht?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.07.2010, 17:25   #1
totalegal
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Sehr geehrtes Trojaner-Board Team,

weil ich gute Erfahrungen mit ComboFix gemacht habe, führte ich das Programm auf dem Rechner einer Kollegin aus.

Es wurde keine Rootaktivität festgestellt. Soll ich andere Logs posten oder lässt sich anhand dieses Logs schon beurteilen, ob der Computer clean ist?

Hier ist das Log:

Code:
ATTFilter
ComboFix 10-07-11.05 - *** 12.07.2010  17:11:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.687 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\xpsp1hfm.log

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-12 bis 2010-07-12  ))))))))))))))))))))))))))))))
.

2010-06-16 08:38 . 2010-06-16 08:38	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Vodafone Mobile Connect
2010-06-14 13:51 . 2009-08-18 10:07	8064	----a-r-	c:\windows\system32\drivers\gtptser.sys
2010-06-14 13:51 . 2009-08-18 10:07	37120	----a-r-	c:\windows\system32\drivers\gtuqbus.sys
2010-06-14 13:51 . 2010-06-14 13:51	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\FLEXnet
2010-06-14 13:38 . 2010-06-14 13:38	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Vodafone
2010-06-14 13:32 . 2009-08-18 10:06	9728	----a-r-	c:\windows\system32\drivers\massfilter.sys
2010-06-14 13:32 . 2008-11-07 16:55	16928	------w-	c:\windows\system32\spmsgXP_2k3.dll
2010-06-14 13:31 . 2010-06-14 13:31	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Vodafone
2010-06-14 13:30 . 2010-06-14 13:43	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Vodafone
2010-06-14 13:30 . 2010-06-14 13:30	--------	d-----w-	c:\programme\Vodafone
2010-06-14 13:30 . 2010-06-14 13:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-06-14 13:29 . 2010-06-14 13:29	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{C624CFCE-1F83-4891-AE02-5827A7445DF8}
2010-06-14 06:51 . 2010-06-14 06:51	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 15:06 . 2010-02-05 10:27	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-07-12 14:59 . 2010-02-10 09:52	--------	d-----w-	c:\programme\Spyware Doctor
2010-07-12 13:39 . 2010-02-05 11:45	--------	d-----w-	c:\programme\Mozilla Thunderbird
2010-07-01 09:17 . 2005-11-21 02:33	95872	----a-w-	c:\windows\system32\perfc007.dat
2010-07-01 09:17 . 2005-11-21 02:33	485542	----a-w-	c:\windows\system32\perfh007.dat
2010-06-14 13:32 . 2010-06-14 13:32	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2010-06-14 13:32 . 2010-06-14 13:32	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-01 13:01 . 2010-02-05 12:11	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\HpUpdate
2010-05-06 10:31 . 2005-11-21 02:33	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2005-11-21 02:33	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-04-20 05:29 . 2005-11-21 02:32	285696	----a-w-	c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-03-24 2499584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42	73728	----a-w-	c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2005-03-03 20:47	483328	----a-w-	c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 09:43	69632	----a-w-	c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-07 08:21	114688	----a-w-	c:\programme\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-04-29 05:56	45056	----a-w-	c:\programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-29 05:33	77824	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17	49152	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-29 05:33	94208	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 13:12	32768	----a-w-	c:\programme\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 15:46	45056	----a-w-	c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-09 07:56	6746112	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-29 05:33	114688	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-06-29 04:25	14720000	----a-w-	c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-19 21:07	184320	----a-w-	c:\programme\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 5]
2009-12-08 20:04	1324400	----a-w-	c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VzFw"=2 (0x2)
"VzCdbSvc"=2 (0x2)
"VUAgent"=3 (0x3)
"Vcsw"=3 (0x3)
"VCI"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Event Service"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"MSCSPTISRV"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
"idsvc"=3 (0x3)
"EvtEng"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Drivers\\HpUpdate\\7zS7F74\\setup\\HPZnui01.exe"=

R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [11.03.2010 09:36 13184]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10.02.2010 11:53 207792]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [10.02.2010 13:15 911680]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [10.02.2010 13:15 2480048]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [10.02.2010 11:55 112592]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [25.03.2010 01:32 9216]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [10.02.2010 13:15 160288]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [14.06.2010 15:51 37120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [10.02.2010 11:52 359624]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01.03.2010 18:35 80000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.02.2010 19:11 691696]
S4 VUAgent;VUAgent;c:\programme\Sony\VAIO Update 5\VUAgent.exe [04.02.2010 16:54 673136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2005-11-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2005-11-21 14:39]

2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{C8C916A8-AFEA-42FD-9A4F-5BE9D5B7D04C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Shop for HP Supplies - c:\programme\HP\Digital Imaging\HPSSupply\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-12 17:16
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2010-07-12  17:19:09
ComboFix-quarantined-files.txt  2010-07-12 15:18

Vor Suchlauf: 7 Verzeichnis(se), 17.370.259.456 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.984.464.384 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 53CE0E663C7CFD212816757E4016533E
         

Alt 12.07.2010, 19:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 19.07.2010, 16:00   #3
totalegal
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Habe OTL angeworfen während Malwarebytes lief. Hoffe das führt nicht zu Problemen. Hier die Logs:

Code:
ATTFilter
OTL logfile created on: 19.07.2010 15:52:51 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 352,00 Mb Available Physical Memory | 35,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 16,61 Gb Free Space | 44,57% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 29,93 Gb Free Space | 98,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (catchme) -- C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (vodafone_K3805-z_dc_enum) -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (GTUQBUS) -- C:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (LEX_AS_NIC_SERVICE_YNOS) -- C:\WINDOWS\system32\drivers\ExpasAG.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.06.14 15:30:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.07.16 14:39:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.02.05 13:45:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.02.05 13:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2010.07.12 17:16:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.21 12:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.19 15:33:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.07.19 15:32:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.07.19 15:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.19 15:32:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.19 15:32:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.19 15:32:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.19 15:32:03 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.07.14 14:15:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2010.07.14 14:12:50 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.07.14 14:04:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.14 10:12:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.12 17:10:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.12 17:07:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.12 17:07:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.12 17:07:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.12 17:07:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.12 17:07:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.12 17:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.19 15:33:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.07.19 15:32:28 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 15:32:14 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.07.19 15:01:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C8C916A8-AFEA-42FD-9A4F-5BE9D5B7D04C}.job
[2010.07.19 14:21:01 | 000,039,936 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\GmbH - Formular.DOC
[2010.07.19 08:24:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.19 08:24:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.19 08:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.19 08:24:00 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.17 16:44:24 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.07.17 16:44:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.07.12 17:16:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.12 17:16:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.12 17:11:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.09 12:02:39 | 000,187,392 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Linckersdorff- Liste city.doc
[2010.07.02 19:01:12 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Bank Austria-Erträgnisaufstellung.doc
[2010.07.02 10:28:49 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.07.01 11:17:27 | 001,093,884 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.01 11:17:27 | 000,485,542 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.01 11:17:27 | 000,462,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.01 11:17:27 | 000,095,872 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.01 11:17:27 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.19 15:32:28 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.12 17:11:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.12 17:11:01 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.12 17:07:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.12 17:07:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.12 17:07:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.12 17:07:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.12 17:07:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.01 12:56:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.02.10 11:55:30 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.02.10 11:55:30 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.05 14:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010.02.04 19:11:50 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.02.03 18:08:10 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.03 17:54:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010.02.03 17:50:59 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.09 15:47:02 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\CallSimReader.dll
[2009.04.09 15:46:02 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\SimReader.dll
[2008.01.14 18:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2005.11.22 10:49:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.21 17:53:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.21 17:53:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.11.21 17:53:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.11.21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.11.21 17:53:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.11.21 17:53:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.11.21 17:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005.11.21 16:10:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2005.11.21 13:11:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.11.21 04:33:30 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.11.01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 217 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D282699C
@Alternate Data Stream - 201 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2010 15:52:52 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\G***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 352,00 Mb Available Physical Memory | 35,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 16,61 Gb Free Space | 44,57% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 29,93 Gb Free Space | 98,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: G***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Yahoo!\Messenger\YPager.exe" = C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Drivers\HpUpdate\7zS7F74\setup\HPZnui01.exe" = C:\Drivers\HpUpdate\7zS7F74\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3a6f8a27-fa78-48a4-bbd1-399b000bcc9a}" = C8100_Help
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 4.x for Office 2007
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.31 Final
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDAC27F9-8293-465f-A4B0-011F1D38BBA1}" = RoxioShim
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF3F9770-CA7B-4c5d-8A98-49AB97216546}" = C8100
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Skype_is1" = Skype 1.4
"Spyware Doctor" = Spyware Doctor 7.0
"VLC media player" = VLC media player 1.1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2010 05:14:08 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vmcservice.exe, P2 9.4.9.22273, P3 4baaaf0f,
 P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 3580, P8 24, P9 system.io.filenotfoundexception,
 P10 NIL.
 
Error - 01.07.2010 05:15:21 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vmcservice.exe, P2 9.4.9.22273, P3 4baaaf0f,
 P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 3580, P8 24, P9 system.io.filenotfoundexception,
 P10 NIL.
 
Error - 02.07.2010 11:47:03 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.07.2010 11:47:16 | Computer Name = *** | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich 1180947459.
 
Error - 07.07.2010 12:47:31 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 09.07.2010 05:10:23 | Computer Name = *** | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6425.1000, stamp 49d64d22,
 faulting module mso.dll, version 12.0.6425.1000, stamp 49d65443, debug? 0, fault
 address 0x0030fcae.
 
Error - 09.07.2010 12:29:17 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 12.07.2010 02:38:55 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 12.07.2010 02:38:55 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 12.07.2010 10:45:29 | Computer Name = *** | Source = sdCoreService | ID = 0
Description = 
 
[ OSession Events ]
Error - 26.04.2010 09:03:44 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.06.2010 10:52:19 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1719
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2010 05:10:15 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1486
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
Error - 19.07.2010 06:28:40 | Computer Name = *** | Source = Srv | ID = 2011
Description = Der Konfigurationsparameter "irpstacksize" des Servers ist zu klein,
 um ein lokales Gerät zu verwenden. Vergrößern Sie den Wert dieses Parameters.
 
 
< End of report >
         
__________________

Alt 20.07.2010, 13:06   #4
totalegal
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Malwarebytes Log:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4326

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.07.2010 16:27:23
mbam-log-2010-07-19 (16-27-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 207755
Laufzeit: 54 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 21.07.2010, 18:28   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Sieht ok aus. Noch Probleme?

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.07.2010, 15:18   #6
totalegal
 
Combofix Log Computer verseucht? - Standard

Combofix Log Computer verseucht?



Danke für die Analyse. Es waren Probleme vorhanden, aber die Symptome sind mittlerweile verschwunden. Melde mich dann wieder sollte es erneut zu Problemen kommen.

Vielen Dank!

Antwort

Themen zu Combofix Log Computer verseucht?
adobe, browser, combofix, computer, converter, defender, desktop, einstellungen, excel, home, malware, mozilla, mssql, opera, programm, programme, realtek, scan, software, sptd.sys, spyware, svchost, symantec, system, trojaner-board, vodafone, windows, windows recovery, windows xp, winlogon.exe



Ähnliche Themen: Combofix Log Computer verseucht?


  1. Computer ist mit Trojan.0Access verseucht
    Plagegeister aller Art und deren Bekämpfung - 09.06.2015 (20)
  2. Windows 7 - Home 64bit - Computer total verseucht
    Log-Analyse und Auswertung - 28.07.2014 (7)
  3. Windows EXTREMST langsam - seit Kaperskyupdate Bluescreens (Kapersky meinte Computer verseucht)
    Log-Analyse und Auswertung - 16.04.2014 (5)
  4. Computer war mit Trojanern und Maleware verseucht
    Log-Analyse und Auswertung - 26.01.2014 (11)
  5. Combofix - aktueller Installer verseucht?
    Diskussionsforum - 31.01.2013 (6)
  6. Mein Computer ist verseucht, aber kein Virenprogramm kann etwas finden
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (4)
  7. 3 Benutzerprofile--Eines davon verseucht---Computer gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (11)
  8. WinXP verseucht: "...ihr Computer wurde gesperrt... Bundespolizei..."
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (1)
  9. Mein Computer wurde angegriffen. Laptop auch verseucht?
    Plagegeister aller Art und deren Bekämpfung - 28.05.2011 (1)
  10. Computer verseucht - gründlich säubern?
    Log-Analyse und Auswertung - 16.05.2011 (22)
  11. Computer verseucht oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (9)
  12. Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!
    Log-Analyse und Auswertung - 28.09.2010 (35)
  13. Computer verseucht. Werbefenster öffnet sich immer wieder.
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (2)
  14. Computer total verseucht, Bitte um Auswertung der Logfile
    Log-Analyse und Auswertung - 29.07.2007 (10)
  15. Computer total verseucht, bitte helfen
    Log-Analyse und Auswertung - 22.07.2007 (6)
  16. is mein computer verseucht?!
    Log-Analyse und Auswertung - 31.03.2005 (9)
  17. Computer verseucht?? Spyware, kazaa läuft nicht
    Plagegeister aller Art und deren Bekämpfung - 12.02.2005 (9)

Zum Thema Combofix Log Computer verseucht? - Sehr geehrtes Trojaner-Board Team, weil ich gute Erfahrungen mit ComboFix gemacht habe, führte ich das Programm auf dem Rechner einer Kollegin aus. Es wurde keine Rootaktivität festgestellt. Soll ich andere - Combofix Log Computer verseucht?...
Archiv
Du betrachtest: Combofix Log Computer verseucht? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.