Trojaner-Board

kamel5000 23.12.2011 22:45

Had viruses & malware -> OS reinstallation -> created log files -> and now the laptop is sluggish
 
After noticing suspicious symptoms, I found and removed more than 8 trojans and viruses. Then I formatted the C: partition and reinstalled the OS. To be safe, I followed the instructions on your site and created log files with HijackThis, Defogger, OTL and GMER. The following problems occurred: Defogger did not prompt for a restart. During the GMER check the PC crashed after a lot of text appeared on a bluescreen. Now the laptop takes a very long time to boot, and it is extremely sluggish and totally overloaded...

kamel5000 23.12.2011 23:25

Since it has only been sluggish since I started GMER, I have now created new log files. While doing so I noticed that Defogger does not ask me for a restart (it didn't the first time either)... I now have new log files for Defogger, HijackThis and OTL. This time I did not run GMER, to be on the safe side... Where should the log files go now? Thanks for any help.

kamel5000 23.12.2011 23:25

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:55:09, on 23.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\b4d47153257b6b88e5aabf82b9b7499f\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.club-vaio.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com/de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.club-vaio.com/de/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [KB976002-v5] C:\WINDOWS\system32\browserchoice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=h**p://www.club-vaio.com/de/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324585315375
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6973 bytes

--- --- ---

kamel5000 23.12.2011 23:26

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:49 on 23/12/2011 (Mensch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

kamel5000 23.12.2011 23:27

OTL Logfile:
Code:

OTL logfile created on: 23.12.2011 22:58:16 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Mensch\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,11 Mb Total Physical Memory | 164,23 Mb Available Physical Memory | 32,71% Memory free
1,20 Gb Paging File | 0,79 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 25,00 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive D: | 29,35 Gb Total Space | 1,52 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
 
Computer Name: NAME-0BF40BE3BA | User Name: Mensch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.23 21:12:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mensch\Desktop\OTL.exe
PRC - [2011.12.12 18:58:18 | 015,161,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v4.3.exe
PRC - [2011.12.07 11:44:28 | 000,092,992 | ---- | M] (Microsoft Corporation) -- c:\bc3a37a456e559def7eefdeb58\mrtstub.exe
PRC - [2011.10.26 19:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.10 14:17:16 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005.10.11 20:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004.11.17 12:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2004.08.19 01:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2004.02.20 13:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.07.02 20:44:10 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.07.02 20:42:44 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006.04.09 20:19:58 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.27 10:41:38 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006.08.17 14:31:50 | 001,120,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.04.27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.04.27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.04.27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.22 18:18:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 09:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.07.24 09:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.07.24 09:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.07.05 03:29:54 | 000,489,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2006.07.02 22:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.06.14 03:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.05.23 00:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.02.21 10:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2004.11.22 05:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000.12.05 15:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 11:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Club VAIO | Welcome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.22 19:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.22 19:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.12.22 21:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.12.22 21:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Mozilla\Extensions
[2011.12.22 21:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.22 22:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.22 22:05:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\RunOnce: [KB976002-v5] C:\WINDOWS\system32\browserchoice.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324585315375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66D40FA-5194-4791-BDA1-46DD015844E2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.17 10:24:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 22:56:09 | 000,000,000 | ---D | C] -- C:\bc3a37a456e559def7eefdeb58
[2011.12.23 22:49:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Desktop\Neuer Ordner
[2011.12.23 22:41:32 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.12.23 22:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.12.23 21:12:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mensch\Desktop\OTL.exe
[2011.12.23 20:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Avira
[2011.12.23 20:41:47 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.12.23 20:41:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2011.12.23 20:28:42 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.12.23 20:28:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\HiJackThis
[2011.12.23 20:18:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.23 20:17:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.23 20:17:12 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.23 20:17:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.23 20:17:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.23 20:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.12.23 20:16:51 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.23 20:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.23 09:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2011.12.23 09:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.23 09:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.23 09:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.23 09:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.12.23 09:43:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.23 08:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.12.23 02:52:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.12.22 22:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.12.22 22:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.12.22 22:07:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011.12.22 22:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco Systems VPN Client
[2011.12.22 22:06:11 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Deterministic Networks
[2011.12.22 22:06:10 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2011.12.22 22:04:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Skype
[2011.12.22 22:04:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011.12.22 22:04:21 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2011.12.22 22:04:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2011.12.22 21:37:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2011.12.22 21:37:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Thunderbird
[2011.12.22 21:37:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird
[2011.12.22 21:37:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.12.22 21:18:36 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Mensch\UserData
[2011.12.22 20:51:41 | 000,000,000 | ---D | C] -- C:\Programme\CONEXANT
[2011.12.22 20:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Adobe
[2011.12.22 20:20:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\Google
[2011.12.22 20:16:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011.12.22 20:08:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Malwarebytes
[2011.12.22 20:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.22 20:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.22 20:08:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.22 20:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.22 19:59:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp
[2011.12.22 19:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011.12.22 19:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Winamp Erkennungs-Plug-in
[2011.12.22 19:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2011.12.22 19:58:25 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2011.12.22 19:58:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Winamp
[2011.12.22 19:46:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Eigene Dateien\Downloads
[2011.12.22 19:44:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.12.22 19:44:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Mozilla
[2011.12.22 19:43:24 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.12.22 19:38:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Macromedia
[2011.12.22 19:33:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011.12.22 18:11:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.12.22 18:10:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2011.12.22 18:08:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server
[2011.12.22 18:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VAIO Media Platform
[2011.12.22 18:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VAIO Media
[2011.12.22 18:05:53 | 000,770,048 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2011.12.22 18:05:53 | 000,643,072 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2011.12.22 18:05:53 | 000,585,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbMusicIDSony.dll
[2011.12.22 18:05:53 | 000,098,304 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLangDESony.dll
[2011.12.22 18:05:53 | 000,073,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2011.12.22 18:03:25 | 000,000,000 | ---D | C] -- C:\Programme\Roxio
[2011.12.22 18:02:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Anmeldung Internet Service Providers
[2011.12.22 18:02:22 | 000,000,000 | ---D | C] -- C:\Programme\ISP
[2011.12.22 18:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Memory Stick Utility
[2011.12.22 17:59:19 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Microsoft
[2011.12.22 17:59:19 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Mensch\Cookies
[2011.12.22 17:59:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mensch\SendTo
[2011.12.22 17:59:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mensch\Recent
[2011.12.22 17:59:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Zubehör
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Startmenü
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Favoriten
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Eigene Dateien\Eigene Musik
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Eigene Dateien
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Eigene Dateien\Eigene Bilder
[2011.12.22 17:59:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Autostart
[2011.12.22 17:59:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Mensch\Vorlagen
[2011.12.22 17:59:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Mensch\Netzwerkumgebung
[2011.12.22 17:59:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen
[2011.12.22 17:59:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Mensch\Druckumgebung
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Sony Corporation
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Identities
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Google
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Desktop
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2011.12.22 17:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2011.12.22 17:57:28 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 23:12:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.23 22:53:59 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\HiJackThis.lnk
[2011.12.23 22:31:25 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.23 22:27:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.23 22:27:35 | 526,569,472 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 22:24:23 | 000,414,154 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.23 22:24:23 | 000,398,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.23 22:24:23 | 000,074,070 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.23 22:24:23 | 000,060,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.23 21:28:46 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\nljz2pwj.exe
[2011.12.23 21:27:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.23 21:12:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mensch\Desktop\OTL.exe
[2011.12.23 21:10:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\Defogger.exe
[2011.12.23 20:44:03 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mensch\defogger_reenable
[2011.12.23 20:11:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.12.23 20:10:53 | 000,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.23 09:48:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.12.23 09:00:33 | 000,000,139 | ---- | M] () -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.12.23 09:00:11 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011.12.22 22:07:21 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2011.12.22 21:37:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011.12.22 18:29:09 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.12.22 18:19:05 | 000,031,614 | ---- | M] () -- C:\WINDOWS\System32\Snyres.oem
[2011.12.22 18:19:03 | 000,000,266 | ---- | M] () -- C:\WINDOWS\System32\Snysplst.oem
[2011.12.22 18:19:03 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\SNYINST.OEM
[2011.12.22 18:18:50 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2011.12.22 18:04:18 | 000,000,057 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011.12.22 17:58:20 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.12.22 17:57:37 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\Sony_VGN-N11MW.mrk
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 21:28:45 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\nljz2pwj.exe
[2011.12.23 21:10:46 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\Defogger.exe
[2011.12.23 20:44:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\defogger_reenable
[2011.12.23 20:28:42 | 000,002,433 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Desktop\HiJackThis.lnk
[2011.12.23 20:11:56 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Internet Explorer.lnk
[2011.12.23 08:59:39 | 009,271,864 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2011.12.23 08:59:33 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011.12.23 08:59:33 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011.12.23 08:59:32 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011.12.22 22:06:12 | 000,002,423 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.22 22:05:56 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2011.12.22 21:37:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.22 19:43:31 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.12.22 18:14:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.22 18:07:23 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2011.12.22 18:05:53 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2011.12.22 18:04:18 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.12.22 17:59:20 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Remoteunterstützung.lnk
[2011.12.22 17:59:20 | 000,000,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Windows Media Player.lnk
[2011.12.22 17:59:20 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Startmenü\Programme\Outlook Express.lnk
[2011.12.22 17:59:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Mensch\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.12.22 17:57:37 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\Sony_VGN-N11MW.mrk
[2011.12.22 17:53:26 | 526,569,472 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.03.23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.08.17 15:23:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.08.17 14:25:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.08.17 14:25:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.08.17 14:25:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.08.17 14:25:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.08.17 14:25:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.08.17 14:25:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.08.17 14:22:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006.08.17 12:52:07 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2006.08.17 12:23:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.08.17 12:23:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.08.17 11:15:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.17 11:14:51 | 000,165,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.08.17 10:27:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.08.17 10:21:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.08.17 03:08:55 | 000,004,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.08.17 03:08:40 | 000,414,154 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.08.17 03:08:40 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.08.17 03:08:40 | 000,074,070 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.08.17 03:08:40 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.08.17 03:08:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.08.17 03:07:58 | 000,398,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.08.17 03:07:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.08.17 03:07:58 | 000,060,646 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.08.17 03:07:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.08.17 03:07:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.08.17 03:07:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.08.17 03:07:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.08.17 03:07:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.08.17 03:07:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.08.17 03:07:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.08.17 03:07:27 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
 
========== LOP Check ==========
 
[2011.12.22 21:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mensch\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2006.08.17 14:26:24 | 000,000,000 | ---D | M] -- C:\Documentation
[2011.12.22 17:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006.08.17 12:14:11 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.12.23 22:41:32 | 000,000,000 | R--D | M] -- C:\Programme
[2011.12.22 20:52:33 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.22 17:58:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.23 23:14:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[31 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3qfe\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP2GDR\afd.sys
[2004.08.10 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3gdr\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP3GDR\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp2gdr\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp2qfe\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.10 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.10 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.10 13:00:00 | 000,153,600 | R--- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.10 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2004.08.14 00:07:41 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=4C5B48AB9179DE15A7B6A48DC8E56121 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2008.04.14 07:23:18 | 001,845,760 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-22 20:23:17

< End of report >

--- --- ---


All times are WET +1. The time now is 00:42.

Copyright ©2000-2024, Trojaner-Board

