| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.08.2010, 00:11
| #1 |
 |  BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hallo zusammen, ich habe seit einigen Tagen das Problem, dass mein Firefox nicht mehr richtig funktioniert. Ich dachte erst, es hängt mit meinem Provider zusammen, habe dann festgestellt, dass ich einige Viren auf dem PC habe. Auch IE funktioniert nicht richtig. Mit Opera kann ich dagegen surfen. Mein Betriebssystem ist Windows XP und als Antivirenprogramm nutze ich Avira Antivir Personal freeware. Dieses hat bei mir folgende Viren gefunden: BDS/Buterat.UQ, TR/Spy.ZBot.angq, TR/Spy.ZBot.anfw und TR/Spy.ZBot.ancv. Diese befinden sich alle in vergleichbaren Ordnern (z.B. C:\System Volume Information\_restore{...}\RP565\A0148476.exe). Der Virus JAVA/Agent.M.1 befand sich im Ordner C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\Cache\6.0\52\1f334a74... . Ich wäre sehr dankbar, wenn Ihr mir helfen könntet meinen PC wieder clean zu bekommen. Vielen Dank im Voraus! Gruß Anton Hier die verschiedenen Scans: Hijackthis Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:10:40, on 28.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Java\jre1.6.0_20\bin\jqs.exe C:\WINDOWS\system32\lkcitdl.exe C:\WINDOWS\system32\lkads.exe C:\WINDOWS\system32\lktsrv.exe C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\Programme\NI\MAX\nimxs.exe C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe C:\WINDOWS\system32\nisvcloc.exe C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Sony\VAIO Event Service\VESMgr.exe C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Programme\Apoint\Apoint.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\ICO.EXE C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Programme\Sony\VAIO Power Management\SPMgr.exe C:\Programme\Sony\ISB Utility\ISBMgr.exe C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Mouse Driver\mouse_2k.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\Programme\Apoint\Apntex.exe C:\Programme\Canon\MyPrinter\BJMyPrt.exe C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Sandboxie\SbieCtrl.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\Secunia\PSI\psi.exe C:\Programme\Avira\AntiVir Desktop\avcenter.exe C:\Programme\Opera\opera.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_20\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DMS-Kalenderchen] C:\Programme\Kalenderchen\Kalenderchen.exe /autorun O4 - HKLM\..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\mouse_2k.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD}] "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe" O4 - HKCU\..\Run: [Skype] "C:\Programmme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1613402728-2951890156-2530141515-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .app: C:\WINDOWS\npMausPlugin.dll O14 - IERESET.INF: START_PAGE_URL=hxxp://www.club-vaio.com/de/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://www.vexcast.com/download/vexcast.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre1.6.0_20\bin\jqs.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programme\NI\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programme\NI\multisim\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 18753 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4491
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.08.2010 01:00:16
mbam-log-2010-08-28 (01-00-16).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181824
Laufzeit: 12 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{ad4a7a1c-d8d2-b24c-3834-f7f47afc7bcd} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
|
|
28.08.2010, 00:12
| #2 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. OTL1
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.08.2010 00:18:47 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 32,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 5,43 Gb Free Space | 14,58% Space Free | Partition Type: NTFS Drive D: | 20,38 Gb Total Space | 9,03 Gb Free Space | 44,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) PRC - C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Mouse Driver\Mouse_2k.exe () PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk) SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.) SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (NITaggerService) -- C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) SRV - (NILM License Manager) -- C:\Programme\NI\multisim\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (mxssvr) -- C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\WINDOWS\System32\nisvcloc.exe (National Instruments Corp.) SRV - (OpcEnum) -- C:\WINDOWS\system32\Opcenum.exe (OPC Foundation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found DRV - (PICOPP) Pico Technology Ltd USB Driver (picopp.sys) -- C:\WINDOWS\System32\Drivers\picopp.sys File not found DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys (National Instruments Corporation) DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciKl.sys (National Instruments Corporation) DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWKl.sys (National Instruments Corporation) DRV - (nipalusbedl) -- C:\WINDOWS\system32\drivers\nipalusbedl.sys (National Instruments Corporation) DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation) DRV - (nipalfwedl) -- C:\WINDOWS\system32\drivers\nipalfwedl.sys (National Instruments Corporation) DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimkl.sys (National Instruments Corporation) DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbkl.sys (National Instruments Corporation) DRV - (nipbcfk) -- C:\WINDOWS\System32\drivers\nipbcfk.sys (National Instruments Corporation) DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ff [2010.08.27 00:38:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.23 19:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.27 00:36:19 | 000,000,000 | ---D | M] [2010.08.23 19:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.08.27 00:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions [2010.08.23 19:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.27 00:46:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.22 21:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2006.10.04 20:26:10 | 000,380,928 | ---- | M] (ParallelGraphics) -- C:\Programme\Mozilla Firefox\plugins\npCortona.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.01.23 11:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll [2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll [2007.07.24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\Mouse_2k.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Programme\Kalenderchen\Kalenderchen.exe File not found O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKCU..\Run: [{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe (Agnitum Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O12 - Plugin for: .app - C:\WINDOWS\npMausPlugin.dll (Maus Software) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.89.91.89 91.89.89.94 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell - "" = AutoRun O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\AutoRun\command - "" = G:\ O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\explore\Command - "" = G:\RECYCLER\autorun.exe -- File not found O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\open\Command - "" = G:\RECYCLER\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.28 00:16:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.27 00:39:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:32:00 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.27 00:01:29 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.08.23 21:47:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.23 20:36:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.08.23 20:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.08.23 20:09:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IECompatCache [2010.08.23 19:05:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.08.23 19:03:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.08.23 18:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.08.23 18:52:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.08.23 18:47:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.08.23 17:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.08.23 17:48:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 17:48:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 17:48:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 17:48:22 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 17:48:22 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.08.22 21:37:15 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2009.09.09 14:59:59 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.28 00:16:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 23:49:48 | 007,864,320 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.08.27 23:32:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.27 22:21:14 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 05:45:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.27 05:44:49 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk [2010.08.27 05:44:04 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.27 05:43:35 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.27 05:42:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.27 05:42:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.27 05:42:12 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys [2010.08.27 04:30:40 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.27 00:38:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:38:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.27 00:38:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.27 00:36:19 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:34 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:01:32 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 23:56:35 | 000,032,201 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.24 19:51:05 | 000,080,928 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.24 17:44:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.23 22:44:46 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.23 20:09:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:09:36 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.22 19:53:55 | 000,001,368 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010.08.14 13:02:27 | 000,485,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.14 13:02:27 | 000,462,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 13:02:27 | 000,095,834 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.14 13:02:27 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.14 13:02:25 | 001,132,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.13 03:15:04 | 000,001,613 | ---- | M] () -- C:\WINDOWS\win.ini [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.27 22:21:14 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:32 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:07:48 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:01:32 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 21:03:30 | 000,032,201 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.23 19:09:36 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.02.21 18:17:52 | 000,001,368 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010.02.14 15:44:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.02.11 01:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI [2009.09.27 02:40:44 | 000,000,351 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2009.09.09 15:00:00 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2009.07.25 13:00:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini [2008.01.20 16:03:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2007.11.09 12:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI [2007.11.09 12:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scanview.INI [2007.10.23 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007.10.20 14:01:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2007.07.19 10:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007.07.18 22:12:26 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll [2007.06.22 20:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI [2006.12.04 16:08:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.10.24 19:45:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll [2006.08.30 20:22:10 | 000,000,842 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2006.08.30 18:31:29 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI [2006.08.30 18:01:29 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.07.26 15:04:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.07.08 11:10:33 | 000,000,054 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.zreglib [2006.06.29 18:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.iniA [2006.06.28 17:02:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini [2006.06.27 15:09:27 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2006.06.27 15:08:39 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.06.26 13:37:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.06.25 14:58:19 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.25 13:02:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.24 21:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.17 14:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.17 11:49:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.03.17 11:49:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.03.17 11:49:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.03.17 11:49:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.03.17 11:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2006.03.16 07:48:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.03.16 07:48:10 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.11.01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.01.01 07:01:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.01.01 06:52:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.01.01 06:49:19 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009.10.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2009.04.09 14:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.02.14 15:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.06.12 10:22:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.07.05 23:13:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2006.06.26 15:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2006.08.30 18:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.11.18 21:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2009.04.25 11:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.02 19:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.10.16 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2007.01.06 17:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2010.02.14 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2010.07.05 23:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2010.07.11 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon Easy-WebPrint EX [2007.08.27 20:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dev-Cpp [2009.09.09 15:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate [2009.09.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2010.03.06 10:53:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GameOnPoker [2006.06.25 00:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo [2006.06.25 14:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.08.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2007.11.06 19:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments [2010.08.22 21:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.07.24 00:46:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PacificPoker [2008.03.12 08:00:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou [2010.08.27 23:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sivea [2006.07.08 16:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft [2006.06.24 23:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\sony [2010.02.20 17:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent [2009.04.25 11:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online [2006.10.17 18:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TerraTec [2007.12.25 02:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrueCrypt ========== Purity Check ========== < End of report > OTL2 OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.08.2010 00:18:47 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 32,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 5,43 Gb Free Space | 14,58% Space Free | Partition Type: NTFS Drive D: | 20,38 Gb Total Space | 9,03 Gb Free Space | 44,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) PRC - C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Mouse Driver\Mouse_2k.exe () PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk) SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.) SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (NITaggerService) -- C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) SRV - (NILM License Manager) -- C:\Programme\NI\multisim\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (mxssvr) -- C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\WINDOWS\System32\nisvcloc.exe (National Instruments Corp.) SRV - (OpcEnum) -- C:\WINDOWS\system32\Opcenum.exe (OPC Foundation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found DRV - (PICOPP) Pico Technology Ltd USB Driver (picopp.sys) -- C:\WINDOWS\System32\Drivers\picopp.sys File not found DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys (National Instruments Corporation) DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciKl.sys (National Instruments Corporation) DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWKl.sys (National Instruments Corporation) DRV - (nipalusbedl) -- C:\WINDOWS\system32\drivers\nipalusbedl.sys (National Instruments Corporation) DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation) DRV - (nipalfwedl) -- C:\WINDOWS\system32\drivers\nipalfwedl.sys (National Instruments Corporation) DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimkl.sys (National Instruments Corporation) DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbkl.sys (National Instruments Corporation) DRV - (nipbcfk) -- C:\WINDOWS\System32\drivers\nipbcfk.sys (National Instruments Corporation) DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ff [2010.08.27 00:38:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.23 19:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.27 00:36:19 | 000,000,000 | ---D | M] [2010.08.23 19:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.08.27 00:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions [2010.08.23 19:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.27 00:46:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.22 21:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2006.10.04 20:26:10 | 000,380,928 | ---- | M] (ParallelGraphics) -- C:\Programme\Mozilla Firefox\plugins\npCortona.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.01.23 11:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll [2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll [2007.07.24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\Mouse_2k.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Programme\Kalenderchen\Kalenderchen.exe File not found O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKCU..\Run: [{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe (Agnitum Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O12 - Plugin for: .app - C:\WINDOWS\npMausPlugin.dll (Maus Software) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.89.91.89 91.89.89.94 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell - "" = AutoRun O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\AutoRun\command - "" = G:\ O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\explore\Command - "" = G:\RECYCLER\autorun.exe -- File not found O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\open\Command - "" = G:\RECYCLER\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.28 00:16:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.27 00:39:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:32:00 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.27 00:01:29 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.08.23 21:47:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.23 20:36:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.08.23 20:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.08.23 20:09:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IECompatCache [2010.08.23 19:05:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.08.23 19:03:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.08.23 18:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.08.23 18:52:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.08.23 18:47:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.08.23 17:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.08.23 17:48:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 17:48:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 17:48:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 17:48:22 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 17:48:22 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.08.22 21:37:15 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2009.09.09 14:59:59 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.28 00:16:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 23:49:48 | 007,864,320 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.08.27 23:32:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.27 22:21:14 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 05:45:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.27 05:44:49 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk [2010.08.27 05:44:04 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.27 05:43:35 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.27 05:42:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.27 05:42:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.27 05:42:12 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys [2010.08.27 04:30:40 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.27 00:38:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:38:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.27 00:38:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.27 00:36:19 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:34 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:01:32 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 23:56:35 | 000,032,201 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.24 19:51:05 | 000,080,928 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.24 17:44:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.23 22:44:46 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.23 20:09:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:09:36 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.22 19:53:55 | 000,001,368 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010.08.14 13:02:27 | 000,485,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.14 13:02:27 | 000,462,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 13:02:27 | 000,095,834 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.14 13:02:27 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.14 13:02:25 | 001,132,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.13 03:15:04 | 000,001,613 | ---- | M] () -- C:\WINDOWS\win.ini [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.27 22:21:14 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:32 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:07:48 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:01:32 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 21:03:30 | 000,032,201 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.23 19:09:36 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.02.21 18:17:52 | 000,001,368 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010.02.14 15:44:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.02.11 01:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI [2009.09.27 02:40:44 | 000,000,351 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2009.09.09 15:00:00 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2009.07.25 13:00:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini [2008.01.20 16:03:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2007.11.09 12:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI [2007.11.09 12:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scanview.INI [2007.10.23 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007.10.20 14:01:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2007.07.19 10:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007.07.18 22:12:26 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll [2007.06.22 20:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI [2006.12.04 16:08:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.10.24 19:45:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll [2006.08.30 20:22:10 | 000,000,842 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2006.08.30 18:31:29 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI [2006.08.30 18:01:29 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.07.26 15:04:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.07.08 11:10:33 | 000,000,054 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.zreglib [2006.06.29 18:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.iniA [2006.06.28 17:02:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini [2006.06.27 15:09:27 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2006.06.27 15:08:39 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.06.26 13:37:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.06.25 14:58:19 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.25 13:02:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.24 21:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.17 14:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.17 11:49:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.03.17 11:49:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.03.17 11:49:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.03.17 11:49:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.03.17 11:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2006.03.16 07:48:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.03.16 07:48:10 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.11.01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.01.01 07:01:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.01.01 06:52:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.01.01 06:49:19 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009.10.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2009.04.09 14:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.02.14 15:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.06.12 10:22:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.07.05 23:13:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2006.06.26 15:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2006.08.30 18:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.11.18 21:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2009.04.25 11:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.02 19:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.10.16 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2007.01.06 17:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2010.02.14 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2010.07.05 23:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2010.07.11 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon Easy-WebPrint EX [2007.08.27 20:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dev-Cpp [2009.09.09 15:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate [2009.09.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2010.03.06 10:53:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GameOnPoker [2006.06.25 00:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo [2006.06.25 14:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.08.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2007.11.06 19:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments [2010.08.22 21:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.07.24 00:46:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PacificPoker [2008.03.12 08:00:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou [2010.08.27 23:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sivea [2006.07.08 16:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft [2006.06.24 23:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\sony [2010.02.20 17:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent [2009.04.25 11:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online [2006.10.17 18:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TerraTec [2007.12.25 02:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrueCrypt ========== Purity Check ========== < End of report > |
|
28.08.2010, 01:24
| #3 |
| /// Malwareteam   | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe (Agnitum Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\explore\Command - "" = G:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\Shell\open\Command - "" = G:\RECYCLER\autorun.exe -- File not found
[2008.03.12 08:00:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
Schritt 2 Rootkit-Suche mit Gmer Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en:
Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Nun das Logfile in Code-Tags posten. |
|
28.08.2010, 08:05
| #4 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hallo Swiss, erstmal vielen Dank für Deine Unterstützung!!! Hier erstmal der Inhalt von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4A7A1C-D8D2-B24C-3834-F7F47AFC7BCD}\ not found.
File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou\lehu.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{147D6308-0614-4112-89B1-31402F9B82C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147D6308-0614-4112-89B1-31402F9B82C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c4c15b4-daab-11db-854e-0013a908ba47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c4c15b4-daab-11db-854e-0013a908ba47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c4c15b4-daab-11db-854e-0013a908ba47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9382972-728e-11dc-85d2-0013a908ba47}\ not found.
File G:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9382972-728e-11dc-85d2-0013a908ba47}\ not found.
File G:\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9382972-728e-11dc-85d2-0013a908ba47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9382972-728e-11dc-85d2-0013a908ba47}\ not found.
File G:\RECYCLER\autorun.exe not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qokou folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ***
->Temp folder emptied: 48719254 bytes
->Temporary Internet Files folder emptied: 13071034 bytes
->Java cache emptied: 118545 bytes
->FireFox cache emptied: 25750888 bytes
->Opera cache emptied: 1595947 bytes
->Flash cache emptied: 1713 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: sissi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 415794 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08282010_085248
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2e0.dat not found!
Registry entries deleted on Reboot...
|
|
28.08.2010, 18:49
| #5 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. So, der GMER-Scan ist jetzt mit einer Dauer von ca 10 Stunden durchgelaufen, leider hat sich das Programm aufgehängt, als ich das log-File speichern wollte. Ich muss den Scan wohl nochmal durchlaufen lassen! Bis dann Anton |
|
29.08.2010, 07:19
| #6 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Guten morgen erstmal! Verflucht!!!  Gmer ist über nacht wieder durchgelaufen. Ich habe es diesmal anders gemacht als beim ersten Versuch. Statt das Log-File zu speichern, habe ich das Ergebnis in die Zwischenablage kopiert. Danach konnte ich aber kein Txt-File öffnen, um die Daten hinein zu kopieren. Am PC reagiert wie beim ersten Mal nur noch die Maus. Dateien können nicht geöffnet werden. Was kann ich nun tun??? Habe das freeware-Tool "copy handler" gefunden, dass nach einem Neustart weiterhin über die in die Zwischenablage gespeicherten Daten verfügt! Ist das sinnvoll? Bis dann Anton |
|
29.08.2010, 07:33
| #7 |
| /// Malwareteam | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Nein, lass das mal mit GMER. Schritt 1 Mach einen Fullscan mit Malwarebytes Anti-Malware. Schritt 2 Erneuter Systemscan mit OTL
|
|
29.08.2010, 22:36
| #8 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. So hier ist erstmal der Scan mit Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29.08.2010 23:34:11
mbam-log-2010-08-29 (23-34-11).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 402291
Laufzeit: 2 Stunde(n), 2 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Poker\PokerRoomSchool\_SetupPoker.exe (Adware.Casino) -> Quarantined and deleted successfully.
|
|
29.08.2010, 23:11
| #9 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hier noch die OTL-Logs Code:
ATTFilter OTL logfile created on: 29.08.2010 23:44:56 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 5,42 Gb Free Space | 14,56% Space Free | Partition Type: NTFS Drive D: | 20,38 Gb Total Space | 9,03 Gb Free Space | 44,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) PRC - C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Mouse Driver\Mouse_2k.exe () PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk) SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (NITaggerService) -- C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) SRV - (NILM License Manager) -- C:\Programme\NI\multisim\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (mxssvr) -- C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\WINDOWS\System32\nisvcloc.exe (National Instruments Corp.) SRV - (OpcEnum) -- C:\WINDOWS\system32\Opcenum.exe (OPC Foundation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found DRV - (PICOPP) Pico Technology Ltd USB Driver (picopp.sys) -- C:\WINDOWS\System32\Drivers\picopp.sys File not found DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys (National Instruments Corporation) DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciKl.sys (National Instruments Corporation) DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWKl.sys (National Instruments Corporation) DRV - (nipalusbedl) -- C:\WINDOWS\system32\drivers\nipalusbedl.sys (National Instruments Corporation) DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation) DRV - (nipalfwedl) -- C:\WINDOWS\system32\drivers\nipalfwedl.sys (National Instruments Corporation) DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimkl.sys (National Instruments Corporation) DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbkl.sys (National Instruments Corporation) DRV - (nipbcfk) -- C:\WINDOWS\System32\drivers\nipbcfk.sys (National Instruments Corporation) DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ff [2010.08.27 00:38:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.23 19:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.27 00:36:19 | 000,000,000 | ---D | M] [2010.08.23 19:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.08.27 00:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions [2010.08.23 19:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.27 00:46:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.22 21:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2006.10.04 20:26:10 | 000,380,928 | ---- | M] (ParallelGraphics) -- C:\Programme\Mozilla Firefox\plugins\npCortona.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.01.23 11:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll [2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll [2007.07.24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Copy Handler] File not found O4 - HKLM..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\Mouse_2k.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Programme\Kalenderchen\Kalenderchen.exe File not found O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O12 - Plugin for: .app - C:\WINDOWS\npMausPlugin.dll (Maus Software) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.89.91.89 91.89.89.94 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 08:28:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Copy Handler [2010.08.29 08:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Copy Handler [2010.08.28 08:52:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.28 01:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\backups [2010.08.28 00:16:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.27 00:39:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:32:00 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.27 00:01:29 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.08.23 21:47:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.23 20:36:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.08.23 20:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.08.23 20:09:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IECompatCache [2010.08.23 19:05:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.08.23 19:03:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.08.23 18:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.08.23 18:52:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.08.23 18:47:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.08.23 17:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.08.23 17:48:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 17:48:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 17:48:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 17:48:22 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 17:48:22 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.08.22 21:37:15 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2009.09.09 14:59:59 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.29 23:40:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.29 23:40:46 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk [2010.08.29 23:40:03 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.29 23:39:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.29 23:38:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.29 23:38:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.29 23:38:08 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 23:36:48 | 007,864,320 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.08.29 23:36:48 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.29 23:32:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.29 08:02:38 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.28 09:08:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2010.08.28 09:07:32 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2010.08.28 00:16:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:14 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:38:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:38:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.27 00:38:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.27 00:36:19 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:34 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.26 23:56:35 | 000,032,201 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.24 19:51:05 | 000,080,928 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.24 17:44:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.23 22:44:46 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.23 20:09:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:09:36 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.22 19:53:55 | 000,001,368 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010.08.14 13:02:27 | 000,485,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.14 13:02:27 | 000,462,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 13:02:27 | 000,095,834 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.14 13:02:27 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.14 13:02:25 | 001,132,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.13 03:15:04 | 000,001,613 | ---- | M] () -- C:\WINDOWS\win.ini [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.28 09:08:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2010.08.28 09:07:32 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2010.08.27 22:21:14 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:32 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:07:48 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:01:32 | 000,002,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 21:03:30 | 000,032,201 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.23 19:09:36 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.02.21 18:17:52 | 000,001,368 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010.02.14 15:44:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.02.11 01:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI [2009.09.27 02:40:44 | 000,000,351 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2009.09.09 15:00:00 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2009.07.25 13:00:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini [2008.01.20 16:03:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2007.11.09 12:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI [2007.11.09 12:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scanview.INI [2007.10.23 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007.10.20 14:01:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2007.07.19 10:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007.07.18 22:12:26 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll [2007.06.22 20:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI [2006.12.04 16:08:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.10.24 19:45:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll [2006.08.30 20:22:10 | 000,000,842 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2006.08.30 18:31:29 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI [2006.08.30 18:01:29 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.07.26 15:04:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.07.08 11:10:33 | 000,000,054 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.zreglib [2006.06.29 18:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006.06.28 17:02:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini [2006.06.27 15:09:27 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2006.06.27 15:08:39 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.06.26 13:37:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.06.25 14:58:19 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.25 13:02:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.24 21:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.17 14:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.17 11:49:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.03.17 11:49:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.03.17 11:49:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.03.17 11:49:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.03.17 11:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2006.03.16 07:48:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.03.16 07:48:10 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.11.01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.01.01 07:01:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.01.01 06:52:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.01.01 06:49:19 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009.10.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2009.04.09 14:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.02.14 15:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.06.12 10:22:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.07.05 23:13:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2006.06.26 15:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2006.08.30 18:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.11.18 21:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2009.04.25 11:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.02 19:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.10.16 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2007.01.06 17:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2010.02.14 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2010.07.05 23:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2010.07.11 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon Easy-WebPrint EX [2007.08.27 20:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dev-Cpp [2009.09.09 15:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate [2009.09.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2010.03.06 10:53:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GameOnPoker [2006.06.25 00:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo [2006.06.25 14:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.08.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2007.11.06 19:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments [2010.08.22 21:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.07.24 00:46:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PacificPoker [2010.08.28 01:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sivea [2006.07.08 16:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft [2006.06.24 23:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\sony [2010.02.20 17:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent [2009.04.25 11:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online [2006.10.17 18:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TerraTec [2007.12.25 02:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrueCrypt ========== Purity Check ========== < End of report > |
|
29.08.2010, 23:11
| #10 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Extras OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 23:44:56 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 5,42 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive D: | 20,38 Gb Total Space | 9,03 Gb Free Space | 44,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: xxx
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5432:TCP" = 5432:TCP:*:Enabled:postgres
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- File not found
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Programme\Sony\VAIO Media 5.0\Vc.exe" = C:\Programme\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"C:\Programme\Sony\Click to DVD 2\CtoDvd.exe" = C:\Programme\Sony\Click to DVD 2\CtoDvd.exe:*:Disabled:Click to DVD -- (Sony Corporation)
"C:\Dokumente und Einstellungen\***\Desktop\UnrealTournament\System\UnrealTournament.exe" = C:\Dokumente und Einstellungen\***\Desktop\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\valve\hl.exe" = C:\Dokumente und Einstellungen\***\Desktop\valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Maple 9.5\jre\bin\java.exe" = C:\Programme\Maple 9.5\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Programme\Maple 9.5\bin.win\mserver.exe" = C:\Programme\Maple 9.5\bin.win\mserver.exe:*:Enabled:mserver -- ()
"C:\games\valve\hl.exe" = C:\games\valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\NI\LabVIEW 8.2\LabVIEW.exe" = C:\Programme\NI\LabVIEW 8.2\LabVIEW.exe:*:Enabled:LabVIEW 8.2 Development System -- File not found
"C:\Programme\Meilhaus Electronic\ME-RedLab\MccSkts.exe" = C:\Programme\Meilhaus Electronic\ME-RedLab\MccSkts.exe:*:Enabled:MccSkts Module -- File not found
"C:\Programme\NI\multisim\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe" = C:\Programme\NI\multisim\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe:*:Enabled:NIExampleFinder -- (National Instruments Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Java\jre1.5.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Programme\Holdem Indicator\HoldemIndicator.exe" = C:\Programme\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator -- (HoldemIndicator.com)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0087583F-1ED8-4A92-88A4-D49DCD56FC6B}" = NI Circuit Design Suite 10 Core
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04333594-B0F2-47C8-AFAE-3A372B178159}" = NI LabVIEW 8.5.1 Manuals
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{074A23EE-23DB-4393-BCDF-441FF5539DD1}" = NI LabVIEW 8.5.1 WWW
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{07EC2A8F-AF18-4908-942A-3CD62E9FB4B7}" = NI License Manager
"{087A9C62-E00E-47F7-8D77-4BB9A0774686}" = NI LabVIEW SignalExpress 2.5.1 Datatypes
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{148B1E59-71A1-441B-ACF6-342612CE68F4}" = NI LabVIEW 8.5.1 Menus
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1
"{1621361B-A165-4ABF-AB5D-86EA36E5C861}" = NI LabVIEW Modulation Toolkit 4.0
"{17F4ADCB-387E-43A5-8292-A4A37704D670}" = NI MDF Support
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C523A18-9AAF-422F-A494-96D2ABF0D19E}" = NI LabVIEW Simulation Module Shared Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{21848659-B9DA-4F53-89BC-B4D9E8E257CB}" = NI LabVIEW 8.5.1 gMath
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{243F0DFE-9945-4212-93CD-9B49D38477BE}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{24E2D472-2F24-40EF-88EA-F201C36E4F87}" = NI LabVIEW SignalExpress 2.5.1 LabVIEW Support
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{29A816A6-86EF-41ED-806C-012728927595}" = NI Remote Provider for MAX
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A904A2C-17D7-4A4A-AD83-D11562A9D4CC}" = NI LabVIEW SignalExpress 2.5.1 Steps
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver 1.0
"{2F60CB4C-4134-42CA-B8A6-76F732CBADC2}" = NI Variable Manager
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{2FD67C2E-0F4B-4691-8680-24CD60217220}" = NI Variable Engine
"{3401C71A-99BA-492F-B7F2-652705326BBE}" = NI LabVIEW 8.5.1 Templates
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{37DABC6A-3662-4A68-A1D8-A6E4958F64B6}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{3BEFE7B3-1FAF-4C0E-A44D-7E5AF5916087}" = NI LabVIEW 8.5 Help File
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{4262645A-40CC-47C7-8934-903FB7E9DC09}" = NI-PAL 2.1.0f1
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{48D9B619-826B-428E-97E6-041B46528DBE}" = NI LabVIEW SignalExpress 2.5.1 Licenses
"{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CF5749D-2D10-4F5F-8AEC-DA808F15D665}" = NI IVI Class Driver LabVIEW 8.5 Support
"{4DD8D80C-6AC9-4E19-B3CE-E2CEB656AF2A}" = NI IVI Engine
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{5377A7B4-D916-4B82-98C0-FB58264CD331}" = NI System Identification Assistant LabVIEW Support
"{5474BF08-A9D0-49A2-9FCA-4D081B3797B5}" = NI Logos XT Support
"{55B66634-D835-424A-A248-17A55128B209}" = NI LabVIEW System Identification Toolkit 3.0.1
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{597F2892-688F-4E80-92A5-B573625FAB6D}" = NI LabVIEW 8.5.1 Project
"{59DD18B4-3953-4D52-BB1C-C68275F47CE8}" = NI Portable Configuration
"{5A99B3DD-C5BB-4BB8-A1D9-C03FA3CD120F}" = NI LabVIEW Analog Modulation Toolkit 4.0
"{5C2AD01A-C3FC-4F0E-899A-30D9B86D9941}" = NI-IVI Provider for MAX
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5DBDA3D6-7D16-419C-8434-219011CF652B}" = NI-VISA Runtime 4.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6053D1E2-7F27-4A9F-8CDD-3AFC5D4E3308}" = NI LabVIEW 8.5 Control Design and Simulation Module - Control Design Support
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{681DD3FE-F5D0-4781-B159-E2422524BF98}" = NI IVI Class Simulation Drivers
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{69674082-8C33-4877-A3EA-EF9B1C17A92F}" = NI LabVIEW 8.5.1 VI.lib
"{69CAA81F-B084-4DF6-8D33-A5A9B125DA88}" = NI LabVIEW 8.5.1 User.lib
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6CF70201-637F-4A89-B82C-30A163B87016}" = NI LabVIEW 8.5 License
"{6D07932A-EB9B-46F5-8D6E-50F115EB0B74}" = NI LabVIEW SignalExpress 2.5.1
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F000158-EC45-498F-8CA6-FB2FCA44234D}" = NI LabVIEW 8.5 Control Design and Simulation Module - Simulation Support
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{707A4E0C-8ACE-41BD-8597-117E6C3A5EA2}" = NI DataSocket 4.5.4
"{70825D2A-A8FA-4BD4-8709-64A002B493AC}" = NI LabVIEW SignalExpress 2.5.1 Core
"{73935D21-6136-4FF6-8069-33D767E61429}" = NI-DIM 1.7.0f0
"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F73F6E-139D-4B38-AB0D-6D2F0E860478}" = NI Logos 4.9.1
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7998C54B-5D31-48A6-93D1-72C73FFFC043}" = NI Circuit Design Suite Support and Upgrade Utility
"{7C0B9FD1-5181-4446-AD62-299873B5508B}" = NI Uninstaller
"{7CA34861-8B1C-49AE-B9D5-9D12AA2DC5F8}" = NI Circuit Design Suite 10 Educational
"{7D3BB762-4011-40DA-AEB9-917F72ADF664}" = NI Control Design Shared VIs
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7F45BC6B-5C1B-41FA-822A-279072FC49FF}" = NI LabVIEW System Identification 3.0 Toolkit VIs
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A53CFE0-A77B-4256-B232-9BAFCDB8EBA3}" = NI LabVIEW 8.5.1 iMath
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D01F0F0-8887-4674-ABC0-14A1A9E376E9}" = NI LabVIEW Digital Filter Design Toolkit 8.2.1
"{8DF4BC37-2D90-4F99-8F20-7D5EB0679094}" = IVI Shared Component
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{90F878B3-11B9-4BAD-8772-6251ADC7779C}" = NI LabVIEW Deployable License 8.5.0
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{911F2BEE-4919-4BA3-A097-B014070FD738}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{92E15D54-5972-4E8B-A8B9-71C47B7941A2}" = NI LabVIEW 8.5.1 Help
"{95F1D58C-3A9C-4505-A554-A10322E4766B}" = NI-ORB 1.7.0f0
"{969B34AE-635A-4FED-9392-24C55489C6D9}" = NI LabVIEW 8.5.1 Resource
"{98618CFE-CACD-48C4-85EA-F9197FFEDD0C}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{989FEA7C-966B-4A52-AE2D-41759E8CE598}" = NI LabVIEW SignalExpress 2.5.1 Tools
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99A125D2-366A-49BE-A144-B6CFB9668A90}" = IVI Shared Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD46573-F087-44E3-84FD-4685946C1241}" = NI Sound and Vibration Frequency Analysis 6.0
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.32Final
"{9D9C8C52-6D2F-4FBA-B98B-DDA5817F6D67}" = NI LabVIEW 8.5 MeasAppChm File
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9EE80A8F-C9C4-40C6-9B06-79889C8489BB}" = NI LabVIEW SimControl Shared Help Files
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{9FC283EF-65DB-4DBE-930E-D5754091DF63}" = NI LabVIEW 8.5.1 Applibs
"{A0AEA1F9-687A-4587-95B1-9354135CE5D2}" = NI LabVIEW 8.5.1 Examples
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A55F93BA-925B-4237-93A6-6276534E4640}" = NI LabVIEW System Identification 3.0 Assistant
"{A6690E8C-65E3-4E40-9106-BD9D63A80902}" = NI LabVIEW Analog Modulation Toolkit 4.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AAEAC72F-9B68-464A-BC8B-587946B99B4E}" = NI MAX LabVIEW Support
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B753F52D-6541-4C53-B86B-D59529280210}" = NI LabVIEW Simulation Module Converter
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.1
"{BAFBA29B-7219-4A45-8B18-0C992126A280}" = NI OPC Support
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C03A2D71-DB89-4AB4-876C-FB2DAA57BB07}" = NI AFW Channel Configuration Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C70C9D30-6DB4-445F-AAAB-E21FB8783569}" = NI IVI Class Drivers
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CA3B6B06-5FA5-4C1B-87FC-44C050E1B563}" = NI IVI Compliance Package 3.1
"{CAC62539-C267-45A6-873B-89E1E2735177}" = NI LabVIEW SignalExpress 2.5.1 Core LabVIEW Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7FE5D3-4678-4C79-B9EA-32D14E9BE583}" = NI IVI Online Help
"{CDA7A019-02C1-437C-87E5-AD0097AB162F}" = NI Variable Engine LabVIEW 8.5.1 Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAAF141-289E-4E28-85CF-4C07C9FAA3D8}" = SteuerSoftware2009
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D105D090-E9E5-4572-A61C-01EDE7568A17}" = NI TDMS
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7DCC734-7F6F-4E82-9B74-0BAB4BB36C4A}" = PokerStrategy Elephant
"{D88B4D82-11CD-4E56-872F-6E34A643D2DE}" = NI MXS
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DCC02AC1-1A01-4A72-9B16-0E328803CD91}" = NI MXS 4.4.0f0 for LabVIEW Real-Time
"{DD59BC08-8840-42FF-8755-851A83A38610}" = NI LabVIEW 8.5.1 CINtools
"{DE68F9CC-50F9-4F3F-9DDE-B7DFFF4D054E}" = NI LabVIEW 8.5.1 Instr.lib
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF7480B8-0986-4D9A-8778-28F32BFC0AB0}" = AAVUpdateManager
"{E040BA70-61B7-434E-A273-F62EB400AC4F}" = NI Session Manager 3.5
"{E046A9E5-3991-40F6-91D2-57A28B4ACC60}" = NI Remote PXI Provider for MAX
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E206D8E1-5682-4F1D-9F14-8E0C038BF023}" = NI Control Design Mathscript VIs
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E51A29FF-C828-4AA1-AC39-9A312411FFEC}" = NI LabVIEW 8.5 Simulation
"{E5B1DA8B-D2C2-4E4F-82CF-28C169FD4598}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.32
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EAC51DC4-FE98-42EA-ADE0-63155EB412A2}" = NI LabVIEW Simulation Module Optimization
"{EB9E7F70-8F2E-412A-A182-FAC85345FDCC}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{EBB36B68-9FD1-4AC2-852C-714D42607B67}" = NI LabVIEW 8.5.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF168C8D-7EAD-4BEC-ACC7-167A0AA2944B}" = NI Example Finder 8.5.1
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFF4152D-BBAB-40F4-8FA7-D49116BEAAC1}" = NI Logos LabVIEW 8.5.1 Support
"{F08FF422-BDBC-4816-810A-085880C15FC6}" = NI Software Provider for MAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F21E9435-7FA3-4361-ADCF-1246736363D1}" = NI Assistant Framework
"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F566E322-AA55-4AAE-A3E8-43B1786710A5}" = NI Measurement & Automation Explorer 4.3
"{F7D0E9F5-6025-49FA-B13C-CFA27E062062}" = NI EULA Depot
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support
"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS
"888poker" = 888poker
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Cortona® VRML Client" = Cortona® VRML Client
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diamond Club Poker" = PokerRoomSchool
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Everest Poker" = Everest Poker (Remove Only)
"FRITZ!DSL" = AVM FRITZ!DSL
"GameOnPoker" = GameOnPoker
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HijackThis" = HijackThis 1.99.1
"Holdem Indicator_is1" = Holdem Indicator 1.7.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inno Setup 5_is1" = Inno Setup Version 5.1.12
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"IviSharedComponent" = IVI Shared Components
"LHTTSGED" = L&H TTS3000 Deutsch
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Cleaning Lab 2006 deluxe D" = MAGIX Music Cleaning Lab 2006 deluxe (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 9.5" = Maple 9.5
"MatlabR14" = MATLAB Family of Products Release 14
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX" = MiKTeX
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"NI Uninstaller" = National Instruments-Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Red Star Poker" = Red Star Poker
"Sandboxie" = Sandboxie 3.44
"Secunia PSI" = Secunia PSI
"SitNGoWizard" = SitNGo Wizard
"SopCast" = SopCast 3.2.4
"Teachmaster 3.7" = Teachmaster 3.7 (nur Entfernen)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Titan Poker" = Titan Poker
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar
"TrueCrypt" = TrueCrypt
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.11
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.08.2010 10:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 11:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 12:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 13:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 14:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 15:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 16:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 17:32:14 | Computer Name = xxx | Source = Google Update | ID = 20
Description =
Error - 29.08.2010 17:39:35 | Computer Name = xxx | Source = PostgreSQL | ID = 0
Description =
Error - 29.08.2010 17:39:36 | Computer Name = xxx | Source = PostgreSQL | ID = 0
Description =
[ OSession Events ]
Error - 06.12.2009 18:16:16 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10538
seconds with 360 seconds of active time. This session ended with a crash.
Error - 30.01.2010 07:06:42 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5142
seconds with 60 seconds of active time. This session ended with a crash.
[ SitNGoWizard Events ]
Error - 15.04.2010 17:01:37 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at
System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)
Error - 15.04.2010 17:01:47 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.
Error - 15.04.2010 17:01:47 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at
System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)
Error - 15.04.2010 17:01:57 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.
Error - 15.04.2010 17:01:57 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at
System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)
Error - 15.04.2010 17:02:07 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.
Error - 15.04.2010 17:02:07 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at
System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)
Error - 15.04.2010 17:02:17 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.
Error - 15.04.2010 17:02:17 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at
System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)
Error - 15.04.2010 17:02:29 | Computer Name = xxx | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.
[ System Events ]
Error - 29.08.2010 01:59:49 | Computer Name = xxx | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 29.08.2010 01:59:49 | Computer Name = xxx | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 29.08.2010 01:59:50 | Computer Name = xxx | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 29.08.2010 01:59:50 | Computer Name = xxx | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 29.08.2010 02:00:05 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Pico Technology Ltd USB Driver (picopp.sys)" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2
Error - 29.08.2010 02:00:25 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SI3132
Error - 29.08.2010 17:39:56 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Pico Technology Ltd USB Driver (picopp.sys)" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2
Error - 29.08.2010 17:40:13 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SI3132
< End of report >
Mir ist gerade aufgefallen, dass ich bei meinem ersten OTL-Post zweimal das gleich Log-File geschickt habe  !Bis dann Anton |
|
29.08.2010, 23:54
| #11 | |
| /// Malwareteam | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Schritt 1 Infos zu Pokerspielen Party Poker, PartyCasino, Ultimate Bet, EmpirePoker und andere Poker-Websites (Liste schädlicher Pokerseiten) beinhalten das Risiko, dass Du Dir beim Besuch der Seiten Malware auf den Rechner holst. In vielen Fällen werden ungefragt Plugins installiert, die weitere Parasiten "nachladen". Mir derzeit bekannte sichere Alternativen sind PokerStars und Pogo.com. Meine Empfehlung lautet, alle anderen über Systemsteuerung => Software zu deinstallieren. Zitat:
Was jetzt nötig ist, sind Online-Scans, da wir immer nur einen kleinen Teil des Rechners prüfen können. Mit Online-Scans kann man den kompletten Rechner auf Schädlinge prüfen lassen. Nimm am besten gleich den Internet Explorer. Vorbereitung
<B> Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.</B>
|
|
30.08.2010, 00:29
| #12 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hallo Swisstreasure, vielen Dank nochmal für die schnellen Reaktionen! Ich habe eine kurze Frage bezgl. des Online-Scans. Muss das mit dem IE gemacht werden? Oder kann ich auch Opera dafür nutzen? Gruß Anton |
|
30.08.2010, 07:31
| #13 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hi, das mit dem IE hatte ich gefragt, da IE und Firefox bei mir doch nicht richtig funktioniert haben, aber mittlerweile funktionieren sie scheinbar wieder! Hier ist das ESET-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8f944e8a1a7ff44c8b48a4480512c7b4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-30 06:13:27
# local_time=2010-08-30 08:13:27 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 93 279376 42233711 0 0
# compatibility_mode=8192 67108863 100 0 14819 14819 0 0
# scanned=211349
# found=0
# cleaned=0
# scan_time=8190
Gruß Anton |
|
30.08.2010, 10:56
| #14 |
| /// Malwareteam | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Schritt 1 CCleaner installieren und einstellen
Schritt 2 Erneuter Systemscan mit OTL
Schritt 3 Wie läuft das System? |
|
30.08.2010, 22:26
| #15 |
| | BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. Hi Swiss, Hier die OTL-Files: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 23:50:22 - Run 4 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 5,87 Gb Free Space | 15,76% Space Free | Partition Type: NTFS Drive D: | 20,38 Gb Total Space | 9,02 Gb Free Space | 44,28% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) PRC - C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Mouse Driver\Mouse_2k.exe () PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre1.6.0_20\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk) SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (NITaggerService) -- C:\Programme\NI\multisim\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Programme\NI\multisim\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments Corporation) SRV - (NILM License Manager) -- C:\Programme\NI\multisim\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (mxssvr) -- C:\Programme\NI\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\WINDOWS\System32\nisvcloc.exe (National Instruments Corp.) SRV - (OpcEnum) -- C:\WINDOWS\system32\Opcenum.exe (OPC Foundation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found DRV - (PICOPP) Pico Technology Ltd USB Driver (picopp.sys) -- C:\WINDOWS\System32\Drivers\picopp.sys File not found DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys (National Instruments Corporation) DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciKl.sys (National Instruments Corporation) DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWKl.sys (National Instruments Corporation) DRV - (nipalusbedl) -- C:\WINDOWS\system32\drivers\nipalusbedl.sys (National Instruments Corporation) DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation) DRV - (nipalfwedl) -- C:\WINDOWS\system32\drivers\nipalfwedl.sys (National Instruments Corporation) DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimkl.sys (National Instruments Corporation) DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbkl.sys (National Instruments Corporation) DRV - (nipbcfk) -- C:\WINDOWS\System32\drivers\nipbcfk.sys (National Instruments Corporation) DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG) DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( ) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ff [2010.08.27 00:38:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.23 19:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.27 00:36:19 | 000,000,000 | ---D | M] [2010.08.23 19:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.08.30 01:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions [2010.08.23 19:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\i1y9n14l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.30 01:58:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.22 21:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2006.10.04 20:26:10 | 000,380,928 | ---- | M] (ParallelGraphics) -- C:\Programme\Mozilla Firefox\plugins\npCortona.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.01.23 11:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll [2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll [2007.07.24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Copy Handler] File not found O4 - HKLM..\Run: [CreativeMouse ] C:\Programme\Mouse Driver\Mouse_2k.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O12 - Plugin for: .app - C:\WINDOWS\npMausPlugin.dll (Maus Software) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.89.91.89 91.89.89.94 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Desktop\Desktop\081025CM.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.30 23:40:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.08.30 23:13:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.30 01:49:59 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.08.29 08:28:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Copy Handler [2010.08.29 08:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Copy Handler [2010.08.28 08:52:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.28 01:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\backups [2010.08.28 00:16:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.27 22:21:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.27 00:39:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:32:00 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.27 00:01:29 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.08.23 21:47:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.23 20:36:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.08.23 20:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.08.23 20:09:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IECompatCache [2010.08.23 19:05:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.08.23 19:03:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.08.23 18:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.08.23 18:52:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.08.23 18:47:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.08.23 17:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.08.23 17:48:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 17:48:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 17:48:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 17:48:22 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 17:48:22 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 17:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera [2010.08.22 21:37:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.08.22 21:37:15 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2009.09.09 14:59:59 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.30 23:47:04 | 008,126,464 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.08.30 23:32:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.30 23:13:58 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.08.30 23:10:29 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk [2010.08.30 23:10:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.30 23:09:57 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.30 23:09:48 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.30 23:04:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 23:04:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 23:04:04 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys [2010.08.30 22:58:27 | 000,001,357 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DivX Movies.lnk [2010.08.30 22:57:58 | 000,000,761 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.08.30 08:35:05 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.29 08:02:38 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.28 09:08:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2010.08.28 09:07:32 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2010.08.28 00:16:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.27 22:21:14 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:38:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.27 00:38:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.27 00:38:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.27 00:38:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.27 00:36:19 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:34 | 000,001,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.26 23:56:35 | 000,032,201 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.24 19:51:05 | 000,080,928 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.23 22:44:46 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.23 20:09:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe [2010.08.23 19:09:36 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.22 19:53:55 | 000,001,368 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010.08.14 13:02:27 | 000,485,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.14 13:02:27 | 000,462,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 13:02:27 | 000,095,834 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.14 13:02:27 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.14 13:02:25 | 001,132,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.13 03:15:04 | 000,001,613 | ---- | M] () -- C:\WINDOWS\win.ini [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.30 23:13:58 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.08.30 22:57:58 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.08.28 09:08:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2010.08.28 09:07:32 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2010.08.27 22:21:14 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.27 00:32:20 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Secunia PSI.lnk [2010.08.27 00:24:32 | 000,001,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk [2010.08.27 00:07:48 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.27 00:01:32 | 000,002,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.26 21:03:30 | 000,032,201 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Programme.rtf [2010.08.23 19:09:36 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.23 18:22:24 | 000,097,976 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks.html [2010.08.23 18:22:17 | 000,059,541 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-08-23.json [2010.08.23 17:52:06 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.08.23 17:48:39 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.02.21 18:17:52 | 000,001,368 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010.02.14 15:44:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.02.11 01:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI [2009.09.27 02:40:44 | 000,000,351 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2009.09.09 15:00:00 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2009.07.25 13:00:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini [2008.01.20 16:03:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2007.11.09 12:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI [2007.11.09 12:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scanview.INI [2007.10.23 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007.10.20 14:01:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL [2007.07.19 10:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007.07.18 22:12:26 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll [2007.06.22 20:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI [2006.12.04 16:08:01 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.10.24 19:45:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll [2006.08.30 20:22:10 | 000,000,842 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2006.08.30 18:31:29 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI [2006.08.30 18:01:29 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.07.26 15:04:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.07.08 11:10:33 | 000,000,054 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.zreglib [2006.06.29 18:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006.06.28 17:02:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini [2006.06.27 15:09:27 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2006.06.27 15:08:39 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.06.26 13:37:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.06.25 14:58:19 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.25 13:02:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.24 21:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.17 14:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.17 11:49:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.03.17 11:49:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.03.17 11:49:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.03.17 11:49:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.03.17 11:49:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.03.17 11:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2006.03.16 07:48:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.03.16 07:48:10 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.11.01 10:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.01.01 07:01:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.01.01 06:52:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.01.01 06:49:19 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009.10.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2009.04.09 14:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.02.14 15:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.06.12 10:22:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.07.05 23:13:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2006.06.26 15:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2006.08.30 18:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.11.18 21:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2009.04.25 11:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.02 19:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.10.16 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2007.01.06 17:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2010.02.14 15:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2010.07.05 23:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2010.07.11 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon Easy-WebPrint EX [2007.08.27 20:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dev-Cpp [2009.09.09 15:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate [2009.09.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2006.06.25 00:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo [2006.06.25 14:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.08.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2007.11.06 19:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments [2010.08.22 21:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.08.28 01:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sivea [2006.07.08 16:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft [2006.06.24 23:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\sony [2010.02.20 17:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent [2009.04.25 11:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online [2006.10.17 18:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TerraTec [2007.12.25 02:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrueCrypt ========== Purity Check ========== < End of report > Gruß Anton Geändert von Anton70 (30.08.2010 um 22:56 Uhr) |
|
| Themen zu BDS/Buterat.UQ, TR/Spy.ZBot.angq, JAVA/Agent.M.1, u.a. |
| antivir guard, avira, bho, canon, citadel, converter, desktop, excel, firefox, google, hkus\s-1-5-18, hängt, internet, internet explorer, java/agent.m.1, national, plug-in, problem, programm, registry, security, senden, server, skype.exe, software, sparbuch, symantec, trojan.zbotr.gen, viren, virus, windows, windows xp, wiso |
.
drücken.
Button.
Linear-Darstellung
