Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.01.2011, 20:23   #1
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Hallo,
gestern brachte mein Avira Antivir folgende Meldung:
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\p3tmb3a6.default\Cache\5601FA08d01'
enthielt einen Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48fa4ee5.qua' verschoben!

Habe dann erstmal den Cache-Ordner Inhalt gelöscht(macht das Sinn ?)
Dann nach erneutem späteren Scan:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c8f7e'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Agent.2212' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b99b4ff.qua' verschoben!
Danach hab ich Search&Destroy installiert und laufen lassen, hat aber nur 3 verfolgende Cookies gefunden, welche ich dann löschen habe lassen.
Anschließend hab ich dann gestern und heute jeweils Malwarebytes drüber laufen lassen.
Das Ergebnis von heute(das von gestern hat auch nichts ergeben):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5649

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.01.2011 20:56:47
mbam-log-2011-01-31 (20-56-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157472
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gerade eben Scan mit OTL!
Ergebnis:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.01.2011 20:59:03 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 203,12 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Miranda IM\miranda32.exe ( )
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IviRegMgr) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (s217mdm) -- C:\Windows\SysNative\drivers\s217mdm.sys (MCCI Corporation)
DRV:64bit: - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\SysNative\drivers\s217unic.sys (MCCI)
DRV:64bit: - (s217obex) -- C:\Windows\SysNative\drivers\s217obex.sys (MCCI Corporation)
DRV:64bit: - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\SysNative\drivers\s217nd5.sys (MCCI Corporation)
DRV:64bit: - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s217mgmt.sys (MCCI Corporation)
DRV:64bit: - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\SysNative\drivers\s217bus.sys (MCCI Corporation)
DRV:64bit: - (s217mdfl) -- C:\Windows\SysNative\drivers\s217mdfl.sys (MCCI Corporation)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.08 11:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 20:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.16 19:12:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.25 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.25 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.31 20:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p3tmb3a6.default\extensions
[2010.01.29 20:25:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p3tmb3a6.default\extensions\firefox@tvunetworks.com
[2009.11.03 15:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.01.22 16:16:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.22 10:11:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.25 21:34:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 22:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.01.31 00:56:19 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ea4fb6fe-0f5b-11e0-bcb3-00264373782a}\Shell - "" = AutoRun
O33 - MountPoints2\{ea4fb6fe-0f5b-11e0-bcb3-00264373782a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.31 20:55:55 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.01.31 00:51:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.01.31 00:51:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.31 00:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.31 00:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.31 00:51:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.31 00:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.31 00:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.31 00:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.31 00:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.01.25 20:59:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2011.01.12 22:08:27 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 22:08:27 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.08 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Generic
[2009.11.08 13:05:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe64CA.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.31 20:56:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.01.31 20:32:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.31 20:27:43 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.31 20:21:18 | 000,000,123 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.asdf.odt#
[2011.01.31 20:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.31 09:18:38 | 000,040,810 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung BWK.pdf
[2011.01.31 09:18:28 | 000,015,380 | ---- | M] () -- C:\Users\***\Desktop\BWK Bewerbung.odt
[2011.01.31 09:17:32 | 000,038,677 | ---- | M] () -- C:\Users\***l\Desktop\Lebenslauf 2011.pdf
[2011.01.31 08:59:11 | 000,000,508 | ---- | M] () -- C:\Users\***\Documents\dotakeys.ini
[2011.01.31 00:56:19 | 000,000,824 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.01.31 00:51:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.31 00:40:59 | 000,019,408 | ---- | M] () -- C:\Users\***\Desktop\asdf.odt
[2011.01.31 00:38:14 | 000,001,262 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.01.30 15:06:22 | 000,013,211 | ---- | M] () -- C:\Users\***\Desktop\Lebenslauf 2011.odt
[2011.01.30 15:06:07 | 000,010,752 | ---- | M] () -- C:\Users\***\Desktop\Lebenslauf.doc
[2011.01.30 14:13:46 | 000,019,968 | ---- | M] () -- C:\Users\***\Desktop\br070707_Klinik EI.doc
[2011.01.30 11:59:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 11:59:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 11:51:20 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.28 16:22:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.28 16:22:33 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.28 16:22:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.28 16:22:33 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.28 16:22:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.28 16:21:07 | 000,000,478 | ---- | M] () -- C:\Users\***\Desktop\Elements (H) - Verknüpfung.lnk
[2011.01.25 00:02:58 | 000,000,403 | ---- | M] () -- C:\Windows\ODBC.INI
[2011.01.08 16:46:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dev_ineo250
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.31 20:21:18 | 000,000,123 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.asdf.odt#
[2011.01.31 09:18:37 | 000,040,810 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung BWK.pdf
[2011.01.31 09:17:30 | 000,038,677 | ---- | C] () -- C:\Users\***\Desktop\Lebenslauf 2011.pdf
[2011.01.31 00:51:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.31 00:40:59 | 000,019,408 | ---- | C] () -- C:\Users\***\Desktop\asdf.odt
[2011.01.31 00:38:14 | 000,001,262 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.01.30 14:49:44 | 000,013,211 | ---- | C] () -- C:\Users\***\Desktop\Lebenslauf 2011.odt
[2011.01.30 14:47:18 | 000,015,380 | ---- | C] () -- C:\Users\***\Desktop\BWK Bewerbung.odt
[2011.01.30 14:14:01 | 000,010,752 | ---- | C] () -- C:\Users\***\Desktop\Lebenslauf.doc
[2011.01.30 14:13:46 | 000,019,968 | ---- | C] () -- C:\Users\***\Desktop\br070707_Klinik EI.doc
[2011.01.28 16:21:07 | 000,000,478 | ---- | C] () -- C:\Users\***\Desktop\Elements (H) - Verknüpfung.lnk
[2011.01.08 16:46:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dev_ineo250
[2010.08.01 14:37:53 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.27 12:09:07 | 000,000,160 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.11.22 23:56:07 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2009.09.07 06:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >
         
--- --- ---
Zweiter LOG:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.01.2011 20:59:03 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 203,12 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{98C0896D-2367-4D73-A4D1-8A04E83B0828}" = Setup_VEP_x64_Contain_SSDB_VCSW
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DotaKeys" = DotaKeys 1.32.00
"DotAzilla" = DotAzilla
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Miranda IM" = Miranda IM 0.9.15
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Picasa 3" = Picasa 3
"splashtop" = VAIO Quick Web Access
"StarCraft II" = StarCraft II
"VAIO Help and Support" = 
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.18.1.0b
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = QMC
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2011 04:18:28 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.01.2011 04:18:28 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.01.2011 04:18:49 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = 
 
Error - 11.01.2011 13:47:21 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.01.2011 13:47:21 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.01.2011 13:47:45 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = 
 
Error - 12.01.2011 05:56:36 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.01.2011 05:56:36 | Computer Name = ***-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.01.2011 05:56:51 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = 
 
Error - 12.01.2011 17:26:32 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Sony Shared\VcmXml\VcmXmlIfAdVMLib64.dll".  Die abhängige Assemblierung "Sony.Sensing.VMData,processorArchitecture="amd64",publicKeyToken="5a496c7842cd4787",type="win32",version="2.0.1.905""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 30.01.2011 11:13:40 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 11:13:47 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 11:59:59 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 12:04:25 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 12:04:32 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 13:59:53 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 14:00:30 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.01.2011 17:30:53 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 31.01.2011 03:58:12 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 31.01.2011 15:19:42 | Computer Name = ***-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---
Hoffe ich hab bis hierhin alle Forenregeln befolgt.
Ich wollte fragen wie es denn um Online-Banking bzw Wechselmedien steht. Muss morgen ein Referat abgeben und würde es gerne auf USB-Stick speichern, besteht hier Infektionsgefahr?
Viele Dank schon mal!
Gruß Jelly

Alt 31.01.2011, 21:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 01.02.2011, 07:37   #3
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



vollständiger Scan von C (einzige Partition):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.02.2011 01:12:53
mbam-log-2011-02-01 (01-12-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 332725
Laufzeit: 1 Stunde(n), 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und jetz?
__________________

Alt 01.02.2011, 11:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Alt 01.02.2011, 23:54   #5
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Habe nur noch einen älteren Log, der aber genauso ohne Befund ist!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5643

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.01.2011 01:02:36
mbam-log-2011-01-31 (01-02-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157138
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 02.02.2011, 08:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c

Alt 02.02.2011, 20:54   #7
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Habe gerade nochmal Antivir-Scan durchgeführt. Bin verwundert, dass dieses jetz auch nichts mehr findet..?
Soll ich den Schritt mit Combo-Fix trotzdem durchführen?

Alt 02.02.2011, 21:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Ja, ich poste das nicht zur Dekoration

Alt 02.02.2011, 21:38   #9
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



OK, alles erledigt!

Hier der Log von ComboFix:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-01-31.02 - *** 02.02.2011  22:16:24.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4063.2472 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe64CA.dll
c:\users\***\AppData\Roaming\.#

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-02 bis 2011-02-02  ))))))))))))))))))))))))))))))
.

2011-02-02 21:20 . 2011-02-02 21:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-02 21:03 . 2011-02-02 21:04	--------	d-----w-	c:\program files\CCleaner
2011-02-01 23:57 . 2011-01-13 10:20	7844688	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B73BF3B9-6B32-4468-98B3-C7C88B36FA50}\mpengine.dll
2011-01-31 20:28 . 2010-03-04 04:40	184832	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2011-01-31 20:28 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2011-01-30 23:51 . 2011-01-30 23:51	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-01-30 23:51 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-30 23:51 . 2011-01-30 23:51	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-30 23:51 . 2011-01-30 23:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-30 23:51 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-30 23:38 . 2011-02-02 21:06	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-01-30 23:38 . 2011-01-30 23:38	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-01-12 21:08 . 2010-10-16 05:17	720896	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 21:08 . 2010-10-16 05:16	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 21:08 . 2010-10-16 05:16	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 21:08 . 2010-10-16 05:16	1425408	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 21:08 . 2010-10-16 05:16	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 21:08 . 2010-10-16 04:34	573440	----a-w-	c:\windows\SysWow64\odbc32.dll
2011-01-12 21:08 . 2010-10-16 04:33	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 21:08 . 2010-10-16 04:33	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 21:08 . 2010-10-16 04:33	987136	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 21:08 . 2010-10-16 04:33	208896	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-08 16:24 . 2011-01-08 16:24	--------	d-----w-	c:\users\***\AppData\Roaming\Generic
2011-01-08 16:00 . 2009-09-09 19:53	81920	----a-w-	c:\windows\system32\Spool\prtprocs\x64\GNACHL4C.DLL

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\SysWow64\GPhotos.scr
2010-11-26 23:19 . 2009-11-11 14:47	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-12 17:53 . 2010-04-21 01:07	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2007-10-19 286720]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-09-07 26624]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-16 14112]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 411496]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.
Inhalt des "geplante Tasks" Ordners

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-07 04:35]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-07 04:35]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmb3a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-VESWinlogon - VESWinlogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Apoint - %ProgramFiles%\Apoint\Apoint.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-02  22:22:18
ComboFix-quarantined-files.txt  2011-02-02 21:22

Vor Suchlauf: 11 Verzeichnis(se), 218.901.508.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 218.731.749.376 Bytes frei

- - End Of File - - D86635874B03E23CAA474BC4271CC6D5
         
--- --- ---

Alt 02.02.2011, 22:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 03.02.2011, 21:55   #11
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Nummers eins:GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-03 22:54:30
Windows 6.1.7600  
Running: uh34qqgk.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337512d1                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433d3db9f                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264373782a                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x6F 0xE6 0xDE 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD1 0xC9 0xDF 0x54 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x04 0xEB 0x9E 0x1E ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337512d1 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433d3db9f (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264373782a (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x6F 0xE6 0xDE 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD1 0xC9 0xDF 0x54 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x04 0xEB 0x9E 0x1E ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 03.02.2011, 21:58   #12
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Nummer zwei:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NW21ZF_T
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 192):
0x03053000 \SystemRoot\system32\ntoskrnl.exe
0x0300A000 \SystemRoot\system32\hal.dll
0x00BAF000 \SystemRoot\system32\kdcom.dll
0x00C2F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C73000 \SystemRoot\system32\PSHED.dll
0x00C87000 \SystemRoot\system32\CLFS.SYS
0x00CE5000 \SystemRoot\system32\CI.dll
0x00EA5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F49000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0100A000 \SystemRoot\System32\Drivers\spso.sys
0x01130000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01139000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01168000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011BF000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011C9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F58000 \SystemRoot\system32\DRIVERS\pci.sys
0x011D6000 \SystemRoot\System32\drivers\partmgr.sys
0x011EB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x011F4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F8B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00FA0000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x0124F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0136B000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01376000 \SystemRoot\system32\drivers\fltmgr.sys
0x013C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x013D6000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01455000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00E1A000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0161D000 \SystemRoot\System32\Drivers\cng.sys
0x01690000 \SystemRoot\System32\drivers\pcw.sys
0x016A1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016AB000 \SystemRoot\system32\drivers\ndis.sys
0x0179D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0141A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01200000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01600000 \SystemRoot\System32\Drivers\spldr.sys
0x00DA5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01608000 \SystemRoot\System32\Drivers\mup.sys
0x01445000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018AB000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x018FB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D7A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02DA4000 \SystemRoot\System32\Drivers\Null.SYS
0x02DAD000 \SystemRoot\System32\Drivers\Beep.SYS
0x02DB4000 \SystemRoot\System32\drivers\vga.sys
0x02DC2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DE7000 \SystemRoot\System32\drivers\watchdog.sys
0x02DF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C09000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C12000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C1D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03A00000 \SystemRoot\System32\drivers\tcpip.sys
0x01939000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01983000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01800000 \SystemRoot\system32\drivers\afd.sys
0x019A1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x00E78000 \SystemRoot\system32\DRIVERS\pacer.sys
0x019E6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0188A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x013E2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00DDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C9B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CEC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03CF8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D03000 \SystemRoot\System32\drivers\discache.sys
0x03D12000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D30000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D41000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E35000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0444C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04540000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04586000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x045AA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03D67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0483E000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x04EEB000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04EF8000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04F36000 \SystemRoot\system32\DRIVERS\risdsn64.sys
0x04F4E000 \SystemRoot\system32\DRIVERS\rimssn64.sys
0x04F6C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04F8A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04F99000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x04FDC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04FEB000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x052F8000 \SystemRoot\System32\Drivers\aqu3r2bw.SYS
0x0533D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05353000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05358000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05368000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0537E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x053A2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x053AE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x053DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05221000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0523B000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x05247000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05249000 \SystemRoot\system32\DRIVERS\ks.sys
0x0528C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0529E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04800000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x045C8000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x03DBD000 \SystemRoot\system32\drivers\portcls.sys
0x04815000 \SystemRoot\system32\drivers\drmk.sys
0x053F8000 \SystemRoot\system32\drivers\ksthunk.sys
0x0743C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0741D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0741F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0742D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03C64000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04FEE000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x03E19000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x03E26000 \SystemRoot\System32\drivers\Dxapi.sys
0x02C44000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C52000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00C00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0254E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x026D0000 \SystemRoot\system32\drivers\luafv.sys
0x026F3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02710000 \SystemRoot\system32\drivers\WudfPf.sys
0x02731000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02746000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02799000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x027AC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x054BF000 \SystemRoot\system32\drivers\HTTP.sys
0x05587000 \SystemRoot\system32\DRIVERS\bowser.sys
0x055A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x055BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0544E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07A70000 \SystemRoot\system32\drivers\peauth.sys
0x07B16000 \??\C:\Windows\system32\drivers\regi.sys
0x07B1E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07B29000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07B56000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07B68000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x07B72000 \SystemRoot\System32\DRIVERS\srv2.sys
0x02600000 \SystemRoot\System32\DRIVERS\srv.sys
0x07A00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77630000 \Windows\System32\ntdll.dll
0x484E0000 \Windows\System32\smss.exe
0xFF950000 \Windows\System32\apisetschema.dll
0xFFB20000 \Windows\System32\autochk.exe
0xFF8A0000 \Windows\System32\clbcatq.dll
0xFF7D0000 \Windows\System32\usp10.dll
0xFF6F0000 \Windows\System32\oleaut32.dll
0x77800000 \Windows\System32\normaliz.dll
0xFF6A0000 \Windows\System32\ws2_32.dll
0xFF5C0000 \Windows\System32\advapi32.dll
0xFF3B0000 \Windows\System32\ole32.dll
0xFF3A0000 \Windows\System32\lpk.dll
0xFF300000 \Windows\System32\comdlg32.dll
0xFF280000 \Windows\System32\difxapi.dll
0x77530000 \Windows\System32\user32.dll
0xFF1E0000 \Windows\System32\msvcrt.dll
0xFE450000 \Windows\System32\shell32.dll
0x777F0000 \Windows\System32\psapi.dll
0xFE3D0000 \Windows\System32\shlwapi.dll
0xFE2A0000 \Windows\System32\rpcrt4.dll
0xFE230000 \Windows\System32\gdi32.dll
0x77410000 \Windows\System32\kernel32.dll
0xFDFD0000 \Windows\System32\iertutil.dll
0xFDFB0000 \Windows\System32\imagehlp.dll
0xFDE80000 \Windows\System32\wininet.dll
0xFDE70000 \Windows\System32\nsi.dll
0xFDD60000 \Windows\System32\msctf.dll
0xFDD10000 \Windows\System32\Wldap32.dll
0xFDCE0000 \Windows\System32\imm32.dll
0xFDB00000 \Windows\System32\setupapi.dll
0xFDAE0000 \Windows\System32\sechost.dll
0xFD960000 \Windows\System32\urlmon.dll
0xFD7F0000 \Windows\System32\crypt32.dll
0xFD7B0000 \Windows\System32\cfgmgr32.dll
0xFD740000 \Windows\System32\KernelBase.dll
0xFD700000 \Windows\System32\wintrust.dll
0xFD660000 \Windows\System32\comctl32.dll
0xFD640000 \Windows\System32\devobj.dll
0xFD630000 \Windows\System32\msasn1.dll
0x75980000 \Windows\SysWOW64\normaliz.dll

Processes (total 79):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
476 csrss.exe
552 C:\Windows\System32\wininit.exe
564 csrss.exe
608 C:\Windows\System32\services.exe
644 C:\Windows\System32\winlogon.exe
652 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\atiesrxx.exe
1012 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\svchost.exe
600 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\atieclxx.exe
1228 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1320 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\wlanext.exe
1468 C:\Windows\System32\conhost.exe
1560 C:\Windows\System32\spoolsv.exe
1596 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1652 C:\Windows\System32\svchost.exe
1756 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1776 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1828 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1920 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1952 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
1976 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1984 C:\Windows\System32\conhost.exe
1260 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1672 C:\Windows\System32\svchost.exe
2224 C:\Windows\System32\taskeng.exe
2248 C:\Windows\System32\dwm.exe
2284 C:\Windows\explorer.exe
2500 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
2528 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
2604 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
2652 C:\Windows\System32\taskhost.exe
2776 C:\Program Files\Java\jre6\bin\jusched.exe
2808 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2820 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2832 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
2896 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2956 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2972 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2496 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2516 C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
2076 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
2052 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2640 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2916 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2188 dllhost.exe
3100 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
3124 C:\Windows\System32\svchost.exe
3176 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3316 C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
3364 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3388 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
3576 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3688 unsecapp.exe
3752 WmiPrvSE.exe
4092 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3296 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3460 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
4156 C:\Windows\System32\SearchIndexer.exe
4484 C:\Windows\System32\svchost.exe
4720 C:\Windows\System32\svchost.exe
4848 WUDFHost.exe
4856 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5280 C:\Program Files\Windows Media Player\wmpnetwk.exe
3900 C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
5384 C:\Windows\System32\audiodg.exe
1628 C:\Program Files\Mozilla Firefox\firefox.exe
2488 C:\Program Files\Mozilla Firefox\plugin-container.exe
4632 C:\Users\***\Desktop\MBRCheck.exe
5516 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`69a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Alt 04.02.2011, 13:09   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Alt 04.02.2011, 21:40   #14
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5679

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.02.2011 22:39:18
mbam-log-2011-02-04 (22-39-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 334508
Laufzeit: 1 Stunde(n), 14 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zweiter Log kommt morgen früh

Geändert von Jelly (04.02.2011 um 22:07 Uhr)

Alt 05.02.2011, 16:28   #15
Jelly
 
JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Standard

JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c



SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 02/05/2011 at 09:51 AM

Application Version : 4.48.1000

Core Rules Database Version : 6344
Trace Rules Database Version: 4156

Scan type : Complete Scan
Total Scan Time : 11:06:10

Memory items scanned : 777
Memory threats detected : 0
Registry items scanned : 14379
Registry threats detected : 0
File items scanned : 180636
File threats detected : 1

Trojan.Agent/Gen-SVC[Fake]
C:\PROGRAM FILES (X86)\VAIO NW SCREENSAVERS\NW_SCREENSAVER.EXE

Hab das mal in Quarantäne geschoben

Antwort

Themen zu JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c
0x00000001, 64-bit, antivir, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, data restore, downloader, e-banking, error, fehler, firefox, flash player, frage, google, google chrome, home, home premium, iastor.sys, ieframe.dll, install.exe, java/agent.2212, jdownloader, location, logfile, mozilla, mozilla thunderbird, nicht gefunden, oldtimer, otl.exe, picasa, programdata, programm, realtek, registry, rundll, safer networking, saver, scan, sched.exe, security, server, shell32.dll, shortcut, software, sptd.sys, start menu, syswow64, teamspeak, usb, verfolgende cookies, virus, vlc media player, webcheck, youtube downloader



Ähnliche Themen: JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c


  1. Windows 7: Trojanerfund TR/Dldr.Agent.2343.1 in ..\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\29352a0f-2c1714bd
    Log-Analyse und Auswertung - 04.11.2014 (10)
  2. Win7, JAVA/Lamar.SFD.12 in C:\Users\...\Java\Deployment\cache\6.0\54\453e86f6-10c60f
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (16)
  3. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  4. Virus wurde nicht mehr gefunden. Ist er weg? - C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\...
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (27)
  5. HEUR:Exploit.Java.CVE-2012-1723.gen in c:/documents and settings/.../appdata/locallow/sun/java/deployment/cache/6.0/1/3935ec1-7693a783
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (2)
  6. Exploit.Java.CVE-2012-0507.be in C:\Documents and Settings\Jonathan\Appdata\LocalLow\Sun\Java [...]
    Log-Analyse und Auswertung - 16.04.2012 (8)
  7. Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (21)
  8. Systemblockierung EXP/CVE-2010-0840.EO C:\...\Anwendungsdaten\Sun\Java\Deployment\Cache\6.0\...
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (34)
  9. java/agent.2212 + ADWARE/OpenCandy.A.7
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (17)
  10. Java/Agent.2212 und weitere
    Log-Analyse und Auswertung - 14.01.2011 (7)
  11. JAVA/Agent.2212
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  12. Bereinigung Trojan.Dropper und Java/Agent.2212
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (4)
  13. JAVA/Agent.2212 auf meinen Rechner!
    Log-Analyse und Auswertung - 10.12.2010 (30)
  14. JAVA/Agent.2212 und alle Programme stürzen ab
    Plagegeister aller Art und deren Bekämpfung - 03.12.2010 (22)
  15. TR/Crypt.XPACK.Gen3 in C:\Users\***\AppData\Local\umevevukoviker.dll und JAVA/Agent.HN'
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (1)
  16. JAVA/Agent.M.1 im Java Cache
    Log-Analyse und Auswertung - 28.09.2010 (4)
  17. Trojaner im Java Deployment Cache
    Plagegeister aller Art und deren Bekämpfung - 26.01.2005 (2)

Zum Thema JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c - Hallo, gestern brachte mein Avira Antivir folgende Meldung: C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\p3tmb3a6.default\Cache\5601FA08d01' enthielt einen Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic]. Durchgeführte Aktion(en): Der Fund wurde als verdächtig eingestuft. Die Datei wurde ins Quarantäneverzeichnis - JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c...
Archiv
Du betrachtest: JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.