TR/Pasmu.JL.1 und TR/Trash.Gen

sonne318600 · 26.08.2010, 15:32

Mein AntiVir Programm hat Alarm gegeben, ich hab schon versucht die Trojaner zu löschen aber sie kommen immer wieder.
Malwarebytes hab ich schon installiert. einen kompletten Scan durchgeführt und auch schon OTL laufen lassen. jetzt steck ich aber irgendwie fest und weiss nicht genau was ich machen soll. Ich wäre sehr froh wenn ihr mir weiterhelfen könntet.
Vielen lieben Dank!

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.08.2010 16:02:47 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 4557 4557 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.23 Gb Total Space | 142.87 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\J River\Media Jukebox 12\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3745.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (EFUploadSrv) -- C:\Program Files\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.me.com/fam.priller/7!/Blog/Blog.html
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.1.2
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.08 00:11:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.24 14:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 00:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.31 07:54:28 | 000,000,000 | ---D | M]
 
[2009.05.27 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.26 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o1rpjlsq.default\extensions
[2009.08.24 23:39:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o1rpjlsq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.05 15:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o1rpjlsq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.11 11:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o1rpjlsq.default\extensions\2020Player@2020Technologies.com
[2010.06.29 08:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o1rpjlsq.default\extensions\https-everywhere@eff.org
[2010.06.22 13:58:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.22 13:58:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.31 07:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.31 07:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.31 07:54:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.31 07:54:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.31 07:54:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.01 22:39:15 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1                activate.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003..\Run: [Regedit32] C:\Windows\System32\regedit.exe File not found
O4 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003..\Run: [syncman] c:\users\***\wuaucldt.exe File not found
O7 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2679933519-2713338840-982745137-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.soulrider.com/photoupload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{056f577d-c2c2-11de-b802-001dbaab3eb0}\Shell\AutoRun\command - "" = G:\.\Naidoo_player.exe -- File not found
O33 - MountPoints2\{68a9f294-ca11-11de-a627-00215def758a}\Shell - "" = AutoRun
O33 - MountPoints2\{68a9f294-ca11-11de-a627-00215def758a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{68a9f2ae-ca11-11de-a627-00215def758a}\Shell - "" = AutoRun
O33 - MountPoints2\{68a9f2ae-ca11-11de-a627-00215def758a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{75aae487-ab34-11de-a56d-001dbaab3eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{75aae487-ab34-11de-a56d-001dbaab3eb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{75aae4af-ab34-11de-a56d-001dbaab3eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{75aae4af-ab34-11de-a56d-001dbaab3eb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3E56FA52-19CD-11AB-8CEB-44B870DC47F2} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B1A07EE1-8E65-1D61-E43E-13EA2C756400} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF3667DC-BBC6-CAF7-FD91-F86D1318AB25} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DECA83F4-5357-2B42-6CE0-B307FC7DDAED} - Browser Customizations
ActiveX: {E6D8DA05-BB5C-2C84-865C-83AC082114B9} - 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.26 15:13:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.26 15:06:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.26 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.26 15:05:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.26 15:05:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.17 07:20:37 | 000,000,000 | ---D | C] -- C:\AECS4COMMONPATH
[2010.08.16 08:22:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Pinnacle Studio
[2010.08.16 08:20:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Pinnacle
[2010.08.16 08:18:32 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.08.16 08:13:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pinnacle
[2010.08.16 08:12:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2010.08.16 08:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate
[2010.08.16 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2010.08.16 07:57:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pegasus Imaging
[2010.08.16 07:57:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo!
[2010.08.16 07:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
[2010.08.16 07:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2010.08.16 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2010.08.16 07:57:50 | 000,000,000 | ---D | C] -- C:\Programme\Pinnacle
[2010.08.16 07:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2010.08.16 07:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio14Trial
[2010.08.15 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\No Company Name
[2010.08.15 00:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010.08.15 00:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010.08.15 00:28:59 | 000,000,000 | ---D | C] -- C:\Programme\SmartSound Software
[2010.08.14 23:57:05 | 000,000,000 | ---D | C] -- C:\Users\***\Library
[2010.08.14 23:53:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.08.14 23:46:22 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
[2010.08.11 14:00:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 14:00:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 14:00:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 14:00:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 14:00:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 14:00:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 14:00:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 14:00:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 14:00:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 14:00:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 14:00:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 14:00:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 14:00:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 14:00:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 14:00:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 14:00:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 14:00:25 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 14:00:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 13:59:59 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 13:59:59 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.05 19:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.08.05 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.08.05 15:26:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.08.05 15:26:32 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.08.03 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.26 16:06:14 | 005,242,880 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.26 15:54:52 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 15:54:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.26 15:54:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 15:54:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 15:54:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.26 15:54:31 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.26 15:22:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 15:06:20 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 14:26:36 | 000,000,001 | ---- | M] () -- C:\Users\***\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.08.26 14:18:06 | 000,002,371 | ---- | M] () -- C:\Users\***\Desktop\Skype.lnk
[2010.08.26 12:46:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 12:46:04 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.18 08:30:09 | 1773,664,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.17 09:34:07 | 000,181,248 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.17 08:14:59 | 001,601,350 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.17 08:14:59 | 000,689,222 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.17 08:14:59 | 000,645,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.17 08:14:59 | 000,150,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.17 08:14:59 | 000,122,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.16 19:42:28 | 000,020,624 | ---- | M] () -- C:\Users\***\Desktop\Mietvertrag_Mitsubishi.odt
[2010.08.16 15:07:35 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.08.16 13:56:00 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2010.08.16 12:56:57 | 000,008,188 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.08.16 12:49:10 | 002,606,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.16 10:40:25 | 000,145,856 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.13 13:11:06 | 000,011,264 | ---- | M] () -- C:\Users\***\Desktop\einschreiben.doc
[2010.08.05 15:26:42 | 000,001,032 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.31 17:59:19 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.26 15:06:20 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 14:26:36 | 000,000,001 | ---- | C] () -- C:\Users\***\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.08.26 14:09:35 | 3186,659,328 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.16 08:07:36 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2010.08.16 07:44:10 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.08.13 13:51:40 | 000,020,624 | ---- | C] () -- C:\Users\***\Desktop\Mietvertrag_Mitsubishi.odt
[2010.08.13 13:11:02 | 000,011,264 | ---- | C] () -- C:\Users\***\Desktop\einschreiben.doc
[2010.08.05 15:26:42 | 000,001,032 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.16 12:26:42 | 004,041,728 | ---- | C] () -- C:\Windows\System32\ColoristaRenderer.dll
[2010.03.31 23:04:36 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.10.21 20:50:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.20 22:27:27 | 000,000,076 | ---- | C] () -- C:\Windows\System32\llbiirc.dll
[2009.07.07 09:09:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.07.07 09:09:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.07.07 09:09:01 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.07.07 09:05:19 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.07.07 09:05:19 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.05.19 23:34:39 | 000,001,562 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.18 19:43:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.12 13:52:38 | 000,181,248 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.12 12:20:36 | 000,008,188 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.04.01 16:53:34 | 000,520,192 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2008.12.04 07:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.10.23 20:50:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008.10.23 20:49:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.23 20:48:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009.09.17 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExtraFilm
[2010.02.01 14:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2010.02.11 21:57:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.05.12 12:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2009.07.20 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\J River
[2010.08.15 00:39:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\No Company Name
[2010.05.02 18:30:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.10.04 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.24 00:39:36 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.17 02:44:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.08.17 08:12:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2009.07.17 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ArcSoft
[2008.12.04 06:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2009.09.14 09:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2009.11.20 10:51:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Download Manager
[2009.09.17 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExtraFilm
[2010.02.01 14:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2010.02.11 21:57:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.06.01 21:38:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2009.08.24 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2008.12.04 06:30:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2008.12.04 07:14:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2009.05.12 12:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2009.07.20 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\J River
[2008.12.04 06:38:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.08.26 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.01.14 08:27:13 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.05.27 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.08.15 00:39:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\No Company Name
[2010.05.02 18:30:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.10.04 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.12.29 12:31:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2009.05.20 18:08:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2010.08.26 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.08.26 14:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2009.08.25 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2009.06.08 10:05:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.02.01 14:35:07 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\***\AppData\Roaming\Facebook\uninstall.exe
[2008.05.29 08:03:08 | 000,037,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.12.04 06:33:41 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2008.12.04 06:31:16 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{46D7A7FB-305B-F77D-60F8-8FAE1C432374}\ARPPRODUCTICON.exe
[2010.08.16 08:15:57 | 000,029,926 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010.03.02 14:08:04 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.06.01 11:40:07 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.08.26 14:14:27 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\setup3.12\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.10.07 03:47:13 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >

--- --- ---

hier noch das logfile von malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4483

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

26.08.2010 18:47:41
mbam-log-2010-08-26 (18-47-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153376
Laufzeit: 40 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

john.doe · 26.08.2010, 18:09

Hallo sonne318600 und

Es fehlt noch die zweite Logdatei von OTL. Falls du eine Logdatei von Avira hast, die bitte auch posten.

Hast du OTL vor oder nach Malwarebytes laufen lassen?

ciao, andreas

sonne318600 · 26.08.2010, 18:18

ich stehe kurz vor Schritt 6 eurer Anleitung aber das gmer.exe wird immer wieder beendet weil anscheinend ein fehler auftritt.
kann ich einfach weitermachen mit schritt 6?

sonne318600 · 26.08.2010, 18:26

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 26. August 2010 08:53

Es wird nach 2722039 Virenstämmen gesucht.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Abgesicherter Modus
Benutzername : ***
Computername : ***

Versionsinformationen:
BUILD.DAT : 9.0.0.422 21701 Bytes 09.03.2010 10:23:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 22:17:24
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 22:17:22
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 22:17:22
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 18:11:28
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 18:34:15
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 14:25:40
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 14:49:41
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 11:25:29
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 05:03:40
VBASE008.VDF : 7.10.9.166 2048 Bytes 23.07.2010 05:03:59
VBASE009.VDF : 7.10.9.167 2048 Bytes 23.07.2010 05:03:59
VBASE010.VDF : 7.10.9.168 2048 Bytes 23.07.2010 05:03:59
VBASE011.VDF : 7.10.9.169 2048 Bytes 23.07.2010 05:03:59
VBASE012.VDF : 7.10.9.170 2048 Bytes 23.07.2010 05:04:00
VBASE013.VDF : 7.10.9.198 157696 Bytes 26.07.2010 05:02:53
VBASE014.VDF : 7.10.9.255 997888 Bytes 29.07.2010 19:41:03
VBASE015.VDF : 7.10.10.28 139264 Bytes 02.08.2010 14:43:54
VBASE016.VDF : 7.10.10.52 127488 Bytes 03.08.2010 14:43:54
VBASE017.VDF : 7.10.10.84 137728 Bytes 06.08.2010 14:44:20
VBASE018.VDF : 7.10.10.107 176640 Bytes 09.08.2010 14:53:15
VBASE019.VDF : 7.10.10.130 132608 Bytes 10.08.2010 16:22:53
VBASE020.VDF : 7.10.10.158 131072 Bytes 12.08.2010 17:28:25
VBASE021.VDF : 7.10.10.190 136704 Bytes 16.08.2010 17:46:55
VBASE022.VDF : 7.10.10.191 2048 Bytes 16.08.2010 17:46:55
VBASE023.VDF : 7.10.10.192 2048 Bytes 16.08.2010 17:46:55
VBASE024.VDF : 7.10.10.193 2048 Bytes 16.08.2010 17:46:55
VBASE025.VDF : 7.10.10.194 2048 Bytes 16.08.2010 17:46:55
VBASE026.VDF : 7.10.10.195 2048 Bytes 16.08.2010 17:46:55
VBASE027.VDF : 7.10.10.196 2048 Bytes 16.08.2010 17:46:55
VBASE028.VDF : 7.10.10.197 2048 Bytes 16.08.2010 17:46:55
VBASE029.VDF : 7.10.10.198 2048 Bytes 16.08.2010 17:46:55
VBASE030.VDF : 7.10.10.199 2048 Bytes 16.08.2010 17:46:55
VBASE031.VDF : 7.10.10.201 13312 Bytes 16.08.2010 17:46:55
Engineversion : 8.2.4.34
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 19:43:10
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 30.07.2010 19:43:06
AESCN.DLL : 8.1.6.1 127347 Bytes 15.05.2010 09:55:11
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 08:40:36
AERDL.DLL : 8.1.8.2 614772 Bytes 21.07.2010 20:47:20
AEPACK.DLL : 8.2.3.5 471412 Bytes 09.08.2010 14:53:30
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21.07.2010 20:47:18
AEHEUR.DLL : 8.1.2.11 2834805 Bytes 09.08.2010 14:53:28
AEHELP.DLL : 8.1.13.2 242039 Bytes 21.07.2010 20:47:15
AEGEN.DLL : 8.1.3.19 393587 Bytes 09.08.2010 14:53:19
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 08:40:35
AECORE.DLL : 8.1.16.2 192887 Bytes 21.07.2010 20:47:14
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 08:40:35
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56
AVPREF.DLL : 9.0.3.0 44289 Bytes 08.09.2009 20:35:47
AVREP.DLL : 8.0.0.7 159784 Bytes 17.02.2010 18:36:50
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:35:17
RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 22:17:22

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Donnerstag, 26. August 2010 08:53

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '16' Prozesse mit '16' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '54' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.

Ende des Suchlaufs: Donnerstag, 26. August 2010 10:15
Benötigte Zeit: 1:22:26 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

44745 Verzeichnisse wurden überprüft
649460 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
649459 Dateien ohne Befall
3774 Archive wurden durchsucht
1 Warnungen
1 Hinweise

Ich habe in eurem Forum einen ähnlichen Beitrag gefunden und einfach mal nach dem gehandelt. also Malwarebytes installiert, laufen lassen und dann das OTL laufen lassen. tja und dann wusste ich nicht mehr weiter.

LG Jutta
PS: Bin echt froh dass mir jemand hilft

john.doe · 26.08.2010, 18:38

Zitat:

das gmer.exe wird immer wieder beendet weil anscheinend ein fehler auftritt.

Das passiert häufiger. Wir haben dafür Alternativen.

1.) Poste bitte die Datei Extras.txt von OTL. Die findest du auf deinem Desktop.

2.) Mache noch einen vollständigen Scan mit Malwarebytes und poste das Log.

3.) Rootkitsuche mit SysProt

Lade dir Sysprot auf den Desktop, entpacke es und starte das Tool.
Gehe dort auf den Reiter Log.
Setze nun alle Haken,
auch unten bei Hidden Objects Only
Klicke auf Create Log.
Es erscheint nach einem kurzen Scan die ein Dialogfenster. Wähle dort Scan root drive only
Klicke auf Start.
Wenn der Scan abgeschlossen ist, beende SysProt.
Poste den gesamten Inhalt der "SysProtLog.txt", die auf dem Desktop zu finden ist.

ciao, andreas

sonne318600 · 26.08.2010, 18:48

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.08.2010 16:02:47 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 4557 4557 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.23 Gb Total Space | 142.87 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Manor Foto Service] -- "C:\Program Files\Manor\Manor Foto Service\Manor Foto Service.exe" "%1" ()
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087DF26B-E717-416B-BF17-3EFE04B34EEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1BC0867D-236F-4FD1-B08F-5EF376986820}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{282FC716-3EFD-49C5-9EB9-F4A1F829AD91}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2939B624-2370-48B7-BA7C-A3FC7129E3DB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2AD2EBCE-527F-4F14-B163-C7C98A95F9BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{42A7AC4B-E64E-4D4D-9E2D-F2AB597CB03C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{837BD776-CD0F-41DA-866D-6D7B2F5C57FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{89D482C5-78C4-439D-A01F-271C6E015635}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{AC3943A8-98DC-482E-9A20-F57454CA890C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ADB2D011-C563-4A2C-AF51-80B718DD9D55}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C32033E9-D211-4D15-8E9A-451B60336942}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C65413BC-7738-4F3F-B6BA-3F54325B1A30}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EFB64A52-6E39-4969-8CA6-BAA5DE0C2F96}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F67F846F-AC86-44DA-811B-A4A43C1E4C03}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F9AFF1-7CD8-45E5-AFF6-CC17D1A65737}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{057B6B1D-B118-4A7C-B156-2A06B38FE2CF}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{0CB984BE-B746-4207-AE32-8DB79D9079F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{10D69BC6-5BED-4F82-A005-C6CD84CA759A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{11B39983-D75F-4038-9D0B-F9583188FE28}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{13D640EF-DCBF-4AF5-A7CE-98BD0F83E613}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{377B3CEC-9D14-4DE0-9369-8CABC3AD7B7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{4F4547EF-5423-48B9-ABAC-4AE67985B551}" = dir=in | app=f:\setup\hpznui01.exe | 
"{5B4DA60F-2541-47AC-B46A-A5332A20E3D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{5CC2986E-4333-4CA3-B886-F950078FDAA4}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{614320F5-C745-4368-A6E6-580455E90834}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{64377E15-0EE4-47F9-AB2C-924C28F3FA03}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{6A67FA4E-38C0-4BA1-8BFE-FBABC52D9407}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{6C85F96B-626B-4A8D-B9CC-1C6B98B60E8B}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{6D0E7683-B3EB-44B3-BF8F-7121E4693C77}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{71C9120B-B801-46BF-BCD7-4CE7A59CD483}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{740E0237-706E-4190-9251-AAF4D8928EF2}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{77CFDDF7-E2A5-4F8D-A478-EE50FF80A7D1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{786339E5-2650-428C-9762-6BA8E2B8CE19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8369F8AC-5E06-4B7A-90A1-3BC13EE45794}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{889260B1-5B37-44EB-AA61-31E75AB83B59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{8E949F9D-4592-437D-B322-227D8065C754}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{98BD7A75-39E3-4C0C-84B0-B3FDD4872DB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{9F9E013B-143D-4614-AD74-2A79B402E44F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{9FB49D3B-5794-4891-A96A-6019CAE2BB8A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B00EA91E-25BC-44A2-A200-27EC36C49ADD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{BB3038D0-458F-499B-AAC5-BB7E7E8D2458}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{C0BAA80A-DB4E-4A09-9D0D-5C2A4189A49C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C9C68609-FF8C-4C09-B8BC-ECF92DC5F0AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{CD1318C9-0062-4093-B67C-B8B1E3297308}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{D97622F8-D3F7-4B54-B6CF-84D0F35229CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DCD152B5-269C-4A16-B360-0BA2EE32FAAD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{E1EAD949-4BC3-488F-8C70-26B1968DC7AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E478CD48-EDD2-4D9F-B042-2921AA6F740C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8E9ABCE-3ECD-4FAA-8487-65835CF1D773}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E98803D5-959D-4C38-9775-B109D2DF498E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{EA76654C-06B6-46C6-A166-CBCA17596F79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{EB3238F5-69E8-426D-AC53-4D8D3C7C6994}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{F0161055-204D-4ABD-A5FD-A5DC361213B6}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{F301377F-908B-4CB5-83CC-7BDEE262B327}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F47ADAF2-E9D7-4246-92FA-1B516B0CD847}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{F48CDFB6-4FA3-4322-BF1D-713BD36028E6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{F701BC3A-99C6-48E4-860C-26635CD3CBC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9C11E90-42C0-434C-8021-0337224BA5DC}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"TCP Query User{12F3FD11-72BE-4086-B40A-8F56B6C5AAE6}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{3FD70A1A-78B5-4495-B7AD-64C955918846}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe | 
"TCP Query User{97755D54-9F0A-405A-B708-67ABA6E68871}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{B9EC0ED8-EB02-4C6E-B807-70BFF84306C2}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{BF5C4CEA-0B28-4956-845C-5D08AED4B3F6}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{D57DA818-71EF-4CBF-97B0-89A2C3AA922C}C:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe | 
"TCP Query User{D7770E65-D068-4739-AC64-A5AE7EAFE1BA}C:\program files\scotland yard\bin\win32\scotlandyard.exe" = protocol=6 | dir=in | app=c:\program files\scotland yard\bin\win32\scotlandyard.exe | 
"TCP Query User{F40DE065-1A0D-43D6-AD1F-BE92D2D8A244}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"UDP Query User{054FD959-9632-49D9-9F40-ACF8D64402A9}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{1643E9CF-8652-4AD8-94F4-087F08343CBE}C:\program files\scotland yard\bin\win32\scotlandyard.exe" = protocol=17 | dir=in | app=c:\program files\scotland yard\bin\win32\scotlandyard.exe | 
"UDP Query User{1EE28AED-813E-421B-BA4A-10EF5FABE2AF}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe | 
"UDP Query User{3807347B-C45C-482C-B714-765EDE6F65E4}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3B3C1E56-0E24-4C49-BA5D-03C96547E700}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"UDP Query User{993F33C0-7397-41BC-A4CD-DC5A3858433B}C:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe | 
"UDP Query User{B9C43ED3-E2D8-47FD-A25E-6AC5E1DD1A9A}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{E54F0ECF-07FD-4F76-A849-BD8D1E66E711}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{083286D9-7F95-4CE6-B0CD-667BA492D30E}" = Adobe Setup
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19a5dd5e-9675-41ef-b02a-5bdb53fb5557}" = C309a
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{270F9094-DF19-40C9-9DBE-E2DD37614FDD}" = Adobe Media Encoder CS4 Importer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
"{2D250E57-9890-44a6-B08F-5C02C991EF24}" = HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73F71699-7290-45A4-AD5A-89A2F3CE1084}_is1" = WinWAP Smartphone Browser Emulator
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{740C878C-5B11-4DF0-B220-07D2FDE66BDF}" = Magic Bullet Colorista II 32 Bit
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98EEEC57-B4A4-4E0E-80DB-85E251452FBD}" = Adobe Setup
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A89BD2-21DF-43EB-9024-9A4040F167F5}" = SPSS 16.0 fÃ¼r Windows
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}" = Adobe Video Suite Extras
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B74D4E10-0000-0000-0000-EDED00000103}" = Adobe ExtendScript Toolkit 1.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{d3c33f97-7936-4301-815f-2cf4ea5a467f}" = PS_AIO_05_C309_Software_Min
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E4B4F6AA-0653-4418-A84B-70D437C28A66}" = Adobe Media Encoder CS4 Exporter
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_674de92534e78ca5194a049722987cc" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_9107cc52ed6a148a98fad4f22b15a79" = Adobe Media Encoder CS4 Importer
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Big Fish Games Spiel-Suite" = Big Fish Games Spiel-Suite
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" = 
"ExtraFilmDesignerCH DE" = ExtraFilm Designer CH DE
"FileZilla Client" = FileZilla Client 3.3.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.7
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{740C878C-5B11-4DF0-B220-07D2FDE66BDF}" = Magic Bullet Colorista II 32 Bit
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manor Foto Service" = Manor Foto Service
"MarketingTools" = VAIO Marketing Tools
"Media Jukebox 12" = Media Jukebox 12
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nannoid_is1" = Nannoid 1.0
"OnlineFotoservice" = OnlineFotoservice
"Pet Racer" = Pet Racer
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trapcode Shine Premiere Pro" = Trapcode Shine Premiere Pro
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2679933519-2713338840-982745137-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2010 14:04:36 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1954271
 
Error - 06.07.2010 14:04:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.07.2010 14:04:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1955285
 
Error - 06.07.2010 14:04:37 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1955285
 
Error - 06.07.2010 14:04:38 | Computer Name =***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.07.2010 14:04:38 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1956284
 
Error - 06.07.2010 14:04:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1956284
 
Error - 06.07.2010 14:04:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.07.2010 14:04:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1957282
 
Error - 06.07.2010 14:04:39 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1957282
 
[ OSession Events ]
Error - 17.07.2009 18:39:33 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4845
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.09.2009 03:47:10 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6069
 seconds with 2820 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.08.2010 03:12:19 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 26.08.2010 08:10:21 | Computer Name = ***| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.08.2010 08:15:33 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.08.2010 08:18:33 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 26.08.2010 08:18:33 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.08.2010 08:18:33 | Computer Name = ***| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.08.2010 08:42:27 | Computer Name = *** | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00215DEF758A zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 26.08.2010 08:43:19 | Computer Name = *** | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00215DEF758A zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 26.08.2010 09:54:37 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.08.2010 um 15:52:29 unerwartet heruntergefahren.
 
Error - 26.08.2010 09:54:59 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

sonne318600 · 26.08.2010, 21:27

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4483

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

26.08.2010 22:19:01
mbam-log-2010-08-26 (22-19-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 376424
Laufzeit: 2 Stunde(n), 29 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

sonne318600 · 26.08.2010, 21:34

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: TURBOSCHNÄGGLI:50689
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2740 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:50688
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2740 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49851
Remote Address: ADSLGO.SSO.BLUEWIN.CH:HTTP
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49845
Remote Address: A1294.W20.AKAMAI.NET:HTTP
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49844
Remote Address: WWW-GOOGLE-ANALYTICS.L.GOOGLE.COM:HTTP
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49843
Remote Address: 212.243.221.231:HTTP
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49841
Remote Address: SCALER01-CTS.NETLINE.COM:HTTP
Type: TCP
Process: 5052 (PID)
State: FIN_WAIT1

Local Address: TURBOSCHNÄGGLI:49840
Remote Address: MAJORGEEKS.COM:HTTP
Type: TCP
Process: 5052 (PID)
State: LAST_ACK

Local Address: TURBOSCHNÄGGLI:49834
Remote Address: A.TRIBALFUSION.COM:HTTP
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49830
Remote Address: I79UST-007-SER1-3.BB.IP-PLUS.NET:HTTP
Type: TCP
Process: 1296 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49829
Remote Address: E935.G.AKAMAIEDGE.NET:HTTPS
Type: TCP
Process: 1296 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49825
Remote Address: 212.243.221.231:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49818
Remote Address: E1303.C.AKAMAIEDGE.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49814
Remote Address: E2943.C.AKAMAIEDGE.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49813
Remote Address: A1521.X.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49808
Remote Address: A1128.G.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49807
Remote Address: A1128.G.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49806
Remote Address: A1128.G.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49805
Remote Address: A1128.G.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49804
Remote Address: A1128.G.AKAMAI.NET:HTTP
Type: TCP
Process: 5052 (PID)
State: FIN_WAIT1

Local Address: TURBOSCHNÄGGLI:49802
Remote Address: A1294.W20.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49797
Remote Address: A1294.W20.AKAMAI.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49790
Remote Address: A.TRIBALFUSION.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49785
Remote Address: A.TRIBALFUSION.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49783
Remote Address: EZ-IN-F105.1E100.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49777
Remote Address: EZ-IN-F156.1E100.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49776
Remote Address: EZ-IN-F155.1E100.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49775
Remote Address: EZ-IN-F155.1E100.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49768
Remote Address: CN1.CLIENT.AKADNS.NET:HTTPS
Type: TCP
Process: 2148 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49766
Remote Address: WWW.ASSOC-AMAZON.DE:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49765
Remote Address: EZ-IN-F113.1E100.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: TURBOSCHNÄGGLI:49764
Remote Address: EZ-IN-F113.1E100.NET:HTTP
Type: TCP
Process: 5052 (PID)
State: FIN_WAIT1

Local Address: TURBOSCHNÄGGLI:49165
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2148 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:50689
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2740 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:50688
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2740 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49235
Remote Address: LOCALHOST:49234
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49234
Remote Address: LOCALHOST:49235
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49233
Remote Address: LOCALHOST:49232
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49232
Remote Address: LOCALHOST:49233
Type: TCP
Process: 5052 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:49198
Remote Address: LOCALHOST:27015
Type: TCP
Process: 4884 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:27015
Remote Address: LOCALHOST:49198
Type: TCP
Process: 2176 (PID)
State: ESTABLISHED

Local Address: TURBOSCHNÄGGLI:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2176 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:9423
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2148 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:9422
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2148 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:9421
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2148 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2220 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4724 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:51493
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1340 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49172
Remote Address: 0.0.0.0:0
Type: TCP
Process: 752 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49170
Remote Address: 0.0.0.0:0
Type: TCP
Process: 744 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1296 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: 764 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1224 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: 704 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:8001
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1060 (PID)
State: LISTENING

Local Address: TURBOSCHNÄGGLI:61737
Remote Address: NA
Type: UDP
Process: 2148 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:61736
Remote Address: NA
Type: UDP
Process: 2148 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:5353
Remote Address: NA
Type: UDP
Process: 2220 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2740 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2740 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2756 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 1484 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 1340 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:427
Remote Address: NA
Type: UDP
Process: 2032 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:63636
Remote Address: NA
Type: UDP
Process: 1296 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:62362
Remote Address: NA
Type: UDP
Process: 2148 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:62361
Remote Address: NA
Type: UDP
Process: 2148 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:61735
Remote Address: NA
Type: UDP
Process: 2148 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:58862
Remote Address: NA
Type: UDP
Process: 1484 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2740 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2756 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 1484 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:SSDP
Remote Address: NA
Type: UDP
Process: 2740 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:60557
Remote Address: NA
Type: UDP
Process: 2220 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:51493
Remote Address: NA
Type: UDP
Process: 1340 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:46151
Remote Address: NA
Type: UDP
Process: 2756 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:46150
Remote Address: NA
Type: UDP
Process: 2756 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:LLMNR
Remote Address: NA
Type: UDP
Process: 2016 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:MS-SQL-M
Remote Address: NA
Type: UDP
Process: 2792 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:427
Remote Address: NA
Type: UDP
Process: 2032 (PID)
State: NA

Local Address: TURBOSCHNÄGGLI:123
Remote Address: NA
Type: UDP
Process: 1484 (PID)
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

so...endlich geschafft. bin ja mal gespannt was du alles aus diesen hieroglyphen lesen kannst :-)

vielen dank schon mal für deine geduld und zeit!
Jutta

john.doe · 26.08.2010, 21:50

Sieht gut aus.

Bis auf:

Zitat:

"TCP Query User{D57DA818-71EF-4CBF-97B0-89A2C3AA922C}C:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe |

Wie geht es dem Rechner? Noch irgendwelche Auffälligkeiten oder Meldungen?

ciao, andreas

sonne318600 · 26.08.2010, 22:05

nein, bis jetzt keine meldungen. er ist einfach sehr langsam. aber das ist vielleicht ein anderes problem.
sollte ich immer wieder 2-3x am tag das antiVir laufen lassen? oder wie kann ich mir sicher sein dass da nichts mehr da ist?
hat schon ein paarmal so ausgesehen als wäre der trojaner weg....und schwupps...da war er wieder.

was kann man noch machen?
was schlägst du vor?

lieben gruss
Jutta

john.doe · 26.08.2010, 22:12

Zitat:

O1 - Hosts: 127.0.0.1 activate.adobe.com

Ganz simpel => http://www.trojaner-board.de/51262-a...sicherung.html

Danach in Zukunft keine gestohlene Software einsetzen, denn die angeblichen Keygens oder Patches sind (fast) alle verseucht.

Ich bin raus,
Andreas

sonne318600 · 27.08.2010, 17:55

this was the shit I downloaded.
C:\users\***\downloads\serial.red_giant_magic_bullet_looks_1.4.exe
-->zitat des downloaders

heisst das jetzt dass der computer befreit ist vom trojaner? versteh ich das richtig?
soll ich noch deine ganz-simpel-anleitung machen? :-)
oder ist das nicht unbedingt notwendig?

Vielen herzlichen Dank für deine Hilfe und Unterstützung!!!

Jutta

john.doe · 27.08.2010, 18:07

Das war nur eines von weiteren. Der Eintrag O1 - Hosts: 127.0.0.1 activate.adobe.com ist eindeutig die gestohlene Adobe Master Collection.

Falls du dir den Spaß machen möchtest, gib in Google keygen adobe master collection ein. Lade dir die ersten 10 Funde herunter (nicht starten!) und lasse sie bei Virustotal auswerten. Sollte auch nur einer dabei sein, der nicht von allen als Schädling erkannt wird, hast du den Jackpot gezogen.

Üblicherweise endet der Support bei Fund von Keygens, Cracks, Patches usw., denn
a) leisten wir hier keine Beihilfe zum Diebstahl und
b) wissen wir Helfer alle, dass (fast) alle Keygens verseucht sind. Wer damit arbeitet versaut sich den Rechner vorsätzlich.

Bist du zufälligerweise die Mutter von dem Helden?

ciao, andreas

sonne318600 · 27.08.2010, 19:05

oh nein, das wusste ich nicht! bin nicht die computer-checkerin.
ich bin die freundin des herrn downloaders. und leider ist es mein laptop!

heisst das, dass ich jetzt selber schauen muss wie ich zurecht komme?
kann verstehen dass ihr keine beihilfe leisten wollt.

Vielen Dank trotzdem!

Jutta

TR/Pasmu.JL.1 und TR/Trash.Gen

Plagegeister aller Art und deren Bekämpfung: TR/Pasmu.JL.1 und TR/Trash.Gen