Trojaner-Board


schaans 16.05.2006 20:16

Please help

I have at least one trojan on my PC... here is the logfile...
Thanks for the help!

Logfile of HijackThis v1.99.1
Scan saved at 21:10:57, on 16.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Programme\Sony\vaio entertainment\VzTaskScheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\sony\vaio update 2\VAIOUpdt.exe
C:\Programme\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Programme\Sony\vaio entertainment\VzTrayIcon.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Sony\VAIO Launcher\Launcher.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
D:\Diablo II\Game.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\SONYVA~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
R3 - URLSearchHook: (no name) - {733421B4-937F-48A9-9200-D48BF660F055} - ___.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Programme\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TorontoMail] TemplateDongle.exe
O4 - HKLM\..\Run: [backorif] ssweeper.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UnSpyPC] C:\Programme\UnSpyPC\UnSpyPC.exe
O4 - HKCU\..\Run: [_ctcp] MONITER.exe
O4 - HKCU\..\Run: [DCC_send] iesetupdll.exe
O4 - HKCU\..\Run: [LOPTCON] Testimonials.exe
O4 - Startup: VAIO Launcher.lnk = C:\Programme\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Audio Filter.lnk = C:\Programme\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Aufzeichnungsstatus.lnk = C:\Programme\Sony\vaio entertainment\VzTrayIcon.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1394F862-A49D-43C2-B874-6AE81A6DB781}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{144222DF-3F47-4C75-B4DD-44C420002AA7}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{1527E73A-7677-4898-A44B-87822F6BD180}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E933AC5-CBB2-4574-BD3F-9763F262770E}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A81A60-A3FD-49B4-A54E-27D6267ECA57}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{1394F862-A49D-43C2-B874-6AE81A6DB781}: NameServer = 85.255.114.103,85.255.112.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

Sunny 16.05.2006 20:22

Hello to Ukraine :daumenhoc

You most certainly do have a trojan in your system! And not only that..

Have the following file analyzed at Virustotal:
C:\WINDOWS\system32\wsvty.dll

Regards,
Daniel

schaans 16.05.2006 21:29

Antivirus Version Update Result
AntiVir 6.34.1.27 05.16.2006 ADSPY/SBSoft.H
Avast 4.6.695.0 05.15.2006 Win32:Trojano-1269
AVG 386 05.16.2006 Adware Generic.BXB
BitDefender 7.2 05.16.2006 Adware.Quicklinks.A
CAT-QuickHeal 8.00 05.15.2006 AdWare.ToolBar.SBSoft.h (Not a Virus)
ClamAV devel-20060426 05.16.2006 Adware.Toolbar-34
DrWeb 4.33 05.16.2006 Adware.QuickLinks
eTrust-InoculateIT 23.72.9 05.16.2006 no virus found
eTrust-Vet 12.4.2211 05.16.2006 no virus found
Ewido 3.5 05.16.2006 Adware.SBSoft
Fortinet 2.77.0.0 05.16.2006 Toolbar/Search
F-Prot 3.16c 05.15.2006 security risk named W32/Agent.YU
Ikarus 0.2.65.0 05.16.2006 AdWare.ToolBar.SBSoft.H
Kaspersky 4.0.2.24 05.16.2006 not-a-virus:AdWare.Win32.SBSoft.h
McAfee 4763 05.16.2006 potentially unwanted program Adware-SBSoft
Microsoft 1.1372 05.16.2006 Search ToolBar (threat-c)
NOD32v2 1.1541 05.16.2006 Win32/Adware.Toolbar.SBSoft
Norman 5.90.17 05.16.2006 W32/SBSoft.H
Panda 9.0.0.4 05.16.2006 Adware/SBSoft
Sophos 4.05.0 05.16.2006 no virus found
Symantec 8.0 05.16.2006 no virus found
TheHacker 5.9.7.144 05.16.2006 Adware/ToolBar.SBSoft.h
UNA 1.83 05.15.2006 Adware.ToolBar.SBSoft
VBA32 3.11.0 05.16.2006 AdWare.ToolBar.SBSoft.h

Aditional Information
File size: 155648 bytes
MD5: b88f36ad1b0775aae6b7fca1c667032d
SHA1: abed18e5231baf7c3bb6393fe49d5813f92a9e84

What should I do now?

Sunny 16.05.2006 21:45

1. Download Killbox and delete the following file ("delete on reboot"):
C:\WINDOWS\system32\wsvty.dll
*REBOOT*

2. After the reboot, switch to safe mode and fix the following entries using HijackThis:

Quote:

R3 - URLSearchHook: (no name) - {733421B4-937F-48A9-9200-D48BF660F055} - ___.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O4 - HKLM\..\Run: [TorontoMail] TemplateDongle.exe
O4 - HKLM\..\Run: [backorif] ssweeper.exe
O4 - HKCU\..\Run: [_ctcp] MONITER.exe
O4 - HKCU\..\Run: [DCC_send] iesetupdll.exe
O4 - HKCU\..\Run: [LOPTCON] Testimonials.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1394F862-A49D-43C2-B874-6AE81A6DB781}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{144222DF-3F47-4C75-B4DD-44C420002AA7}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{1527E73A-7677-4898-A44B-87822F6BD180}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E933AC5-CBB2-4574-BD3F-9763F262770E}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A81A60-A3FD-49B4-A54E-27D6267ECA57}: NameServer = 85.255.114.103,85.255.112.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{1394F862-A49D-43C2-B874-6AE81A6DB781}: NameServer = 85.255.114.103,85.255.112.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

3. After that, download Spybot S&D (http://www.spybot.info/de/mirrors/index.html), run a system scan and "immunize".

4. Create a new HijackThis log and post it!

schaans 26.05.2006 23:08

It took a long time... here is the new log from HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 00:05:42, on 27.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Programme\Sony\vaio entertainment\VzTaskScheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\sony\vaio update 2\VAIOUpdt.exe
C:\Programme\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Programme\Sony\vaio entertainment\VzTrayIcon.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Sony\VAIO Launcher\Launcher.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\SONYVA~1\LOKALE~1\Temp\Rar$EX00.704\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
R3 - URLSearchHook: (no name) - {733421B4-937F-48A9-9200-D48BF660F055} - ___.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Programme\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UnSpyPC] C:\Programme\UnSpyPC\UnSpyPC.exe
O4 - HKCU\..\Run: [_ctcp] MONITER.exe
O4 - HKCU\..\Run: [DCC_send] iesetupdll.exe
O4 - HKCU\..\Run: [LOPTCON] Testimonials.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: VAIO Launcher.lnk = C:\Programme\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Audio Filter.lnk = C:\Programme\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Aufzeichnungsstatus.lnk = C:\Programme\Sony\vaio entertainment\VzTrayIcon.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
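
Added example, not part of the thread: a small Python check that compares a HijackThis fix list against a follow-up log and reports which flagged entries are still present. Both inputs are excerpts of the fix list and the follow-up log posted above; the function names and the matching rule (CLSID for R3/O2/O3/O9/O16/O18, hive plus value name for O4 Run values, whole line otherwise) are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"(.+?: \[[^\]]*\])")
CLSID_SECTIONS = {"R3", "O2", "O3", "O9", "O16", "O18"}

# Excerpt of the entries the helper asked to fix (from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {733421B4-937F-48A9-9200-D48BF660F055} - ___.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\wsvty.dll
O4 - HKLM\..\Run: [TorontoMail] TemplateDongle.exe
O4 - HKLM\..\Run: [backorif] ssweeper.exe
O4 - HKCU\..\Run: [_ctcp] MONITER.exe
O4 - HKCU\..\Run: [DCC_send] iesetupdll.exe
O4 - HKCU\..\Run: [LOPTCON] Testimonials.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{1394F862-A49D-43C2-B874-6AE81A6DB781}: NameServer = 85.255.114.103,85.255.112.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Excerpt of the follow-up log dated 27.05.2006 (from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {733421B4-937F-48A9-9200-D48BF660F055} - ___.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [_ctcp] MONITER.exe
O4 - HKCU\..\Run: [DCC_send] iesetupdll.exe
O4 - HKCU\..\Run: [LOPTCON] Testimonials.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: *.vaio-link.com
"""

def parse_entries(text):
    """Return (section, body) for each HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def entry_key(section, body):
    """Stable identity of an entry, so a changed path or flag does not hide a survivor."""
    if section in CLSID_SECTIONS:
        m = CLSID.search(body)
        if m:
            return (section, m.group(0).lower())
    if section == "O4":
        m = RUN_VALUE.match(body)
        if m:
            return (section, m.group(1).lower())
    return (section, " ".join(body.split()).lower())

def check_fixes(fix_text, log_text):
    """Split the fix list into entries still in the new log and entries that are gone."""
    log_keys = {entry_key(s, b) for s, b in parse_entries(log_text)}
    still, cleared = [], []
    for s, b in parse_entries(fix_text):
        (still if entry_key(s, b) in log_keys else cleared).append(f"{s} - {b}")
    return still, cleared

if __name__ == "__main__":
    still, cleared = check_fixes(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for e in still:
        print("  " + e)
    print(f"Cleared: {len(cleared)} of {len(still) + len(cleared)}")
```
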

Wildone 26.05.2006 23:35

Hello,
as a check, please also post a log from F-Secure Blacklight; it is created automatically in the same path after the scan, fsbl**.txt.


Regards, Wildone

schaans 27.05.2006 14:52

05/27/06 15:40:50 [Info]: BlackLight Engine 1.0.36 initialized
05/27/06 15:40:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/27/06 15:40:50 [Note]: 7019 4
05/27/06 15:40:50 [Note]: 7005 0
05/27/06 15:40:53 [Note]: 7006 0
05/27/06 15:40:53 [Note]: 7011 320
05/27/06 15:40:53 [Note]: 7026 0
05/27/06 15:40:53 [Note]: 7026 0
05/27/06 15:40:53 [Note]: 7024 3
05/27/06 15:40:53 [Info]: Hidden process: C:\WINDOWS\system32\idemlog.exe
05/27/06 15:40:53 [Note]: FSRAW library version 1.7.1015
05/27/06 15:47:59 [Info]: Hidden file: c:\WINDOWS\ServicePackFiles\i386\wbemtest.exe
05/27/06 15:47:59 [Note]: 10002 1
05/27/06 15:48:00 [Info]: Hidden file: c:\WINDOWS\ServicePackFiles\i386\tcptest.exe
05/27/06 15:48:00 [Note]: 10002 1
05/27/06 15:48:04 [Info]: Hidden file: C:\WINDOWS\system32\idemlog.exe
05/27/06 15:48:04 [Note]: 10002 1
05/27/06 15:48:06 [Info]: Hidden file: c:\WINDOWS\system32\csqvx.exe
05/27/06 15:48:06 [Note]: 7002 32
05/27/06 15:48:06 [Note]: 7003 1
05/27/06 15:48:06 [Note]: 10002 1
05/27/06 15:48:09 [Info]: Hidden file: c:\WINDOWS\system32\favset.exe
05/27/06 15:48:16 [Note]: 7002 5
05/27/06 15:48:16 [Note]: 7003 1
05/27/06 15:48:16 [Note]: 10002 1
05/27/06 15:48:17 [Info]: Hidden file: c:\WINDOWS\system32\filesafer23.exe
05/27/06 15:48:17 [Note]: 10002 1
05/27/06 15:48:20 [Info]: Hidden file: c:\WINDOWS\system32\wbem\wbemtest.exe
05/27/06 15:48:20 [Note]: 10002 1
05/27/06 15:48:24 [Info]: Hidden file: c:\WINDOWS\system32\pppcgm.exe
05/27/06 15:48:24 [Note]: 10002 1
05/27/06 15:48:25 [Info]: Hidden file: c:\WINDOWS\system32\howiper.exe
05/27/06 15:48:28 [Note]: 7002 5
05/27/06 15:48:28 [Note]: 7003 1
05/27/06 15:48:28 [Note]: 10002 1
05/27/06 15:48:33 [Info]: Hidden file: c:\WINDOWS\system32\sphlp32.exe
05/27/06 15:48:38 [Note]: 7002 5
05/27/06 15:48:38 [Note]: 7003 1
05/27/06 15:48:38 [Note]: 10002 1
05/27/06 15:50:37 [Note]: 7007 0

