Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Hostprozess für Windows-Dienste wurde beendet und geschlossen (https://www.trojaner-board.de/89805-hostprozess-windows-dienste-wurde-beendet-geschlossen.html)

cosinus 25.08.2010 21:21
Zitat:
Zur Verteidigung meines Systemadministrators muss ich noch erklären, dass er eigentlich ein Softwareentwickler auf einem ganz anderen Gebiet als PC oder Microsoft ist. Zu dem Job ist er gekommen, wie die Jungfrau zum Kinde. Einer musste es tun und er war am nächsten an der Materie dran.
Dein Kollege tut mir echt Leid. Er wurde ins kalte Wasser geschubst, ist jetzt dafür verantwortlich un darf die Suppe auslöffeln? Du auch?

Zitat:
Aber zurück zu meiner ursprünglichen Frage. Kann ich den Rechner morgen zur Not ausschalten?
Versteh ich nicht worauf Du da hinaus willst jetzt genau. :confused:

Allerdings find ich das auch ein Unding Deiner Firma, bei der Du angestellt bist. Wenn Du so auf die IT angewiesen bist, solltest Du Deinen Vorgesetzten mal die Notwendigkeit einer vernünftigen IT-Abteilung klarmachen. Oder dass man zumindest in Notfällen einen externen Dienstleister als Ansprechpartner hat. Sry, dass Du jetzt der Angeschmierte bist, aber dieses Vorgehen zeugt IMHO nicht gerade von Seriösität der Geschäfstführer Deiner Firma, oder der gehts so schlecht, dass man lieber am neueren Quartärsektor (Informationssektor) so lange spart bis alles zusammenbricht.

Aus diesem Grund will ich Dir eigentlich auch garnicht mehr weiterhelfen, da das kontraproduktiv ist und Deine IT bzw. die Geschäftsführer der Firma, für die Du arbeitest, Lösungen ausarbeiten muss, die auch mittel- und langfristig greifen. Oder meinst Du nicht, dass es lachhaft ist, wenn die Geschäftsführer die Empfehlung untertstützen, mal irgendwo im Board nachzufragen?? :wtf:

Seebär 25.08.2010 21:43
Hallo Arne,

wie gesagt, die Firma ist nicht so groß, dass ein Administrator wirklich ausgelastet wäre. Und selbst wenn, glaube ich nicht, dass er sich die Zeit nehmen würde, solange an dem Problem rumzubasteln. Wahrscheinlich würde er den Rechner platt machen und bis alles wieder so eingerichtet ist, wie ich es brauche, stehe ich auf dem Schlauch. Aber wie es aussieht, komme ich wohl nicht darum herum.

Meine Frage bezieht sich auf das Problem, dass ComboFix ausdrücklich davor gewarnt hat, den Rechner manuell runter zu fahren, der Shut down von ComboFix vorhin aber innerhalb von knapp 1 h nicht fertig war. Falls der Rechner morgen früh immer noch so dasteht, bleibt mir eigentlich nichts anderes übrig, als ihn hart runter zu fahren. Ich habe keinen Schimmer, was das für Konsequenzen hätte. Aber eigentlich habe ich ja keine Wahl. Also gebe ich mich der Hoffnung hin, dass der Wiederherstellungspunkt funktioniert und "ziehe den Stecker".

Gruß
Thomas

Seebär 26.08.2010 07:24
Hallo Arne,

ich musste den Rechner heute früh doch hart ausschalten. Windows hat dann zwar gemeckert, dass es nicht richtig beendet wurde, der normale Neustart lief aber problemlos. ComboFix fertigte zum Schluss noch das Log-File an und war fertig.

Nur für den Fall, dass Du mich doch noch nicht aufgibst, hier das Log-File von ComboFix.

Combofix Logfile:
Code:
ComboFix 10-08-24.0A - Meyer 25.08.2010  15:43:34.1.2 - x86
ausgeführt von:: c:\users\meyer\Desktop\CoFi.exe
AV: Trend Micro OfficeScan Virenschutz *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: Trend Micro OfficeScan Spyware-Schutz *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\win32GI
c:\program files\win32GI\logg.dat
c:\programdata\hpe52EF.dll
c:\programdata\hpeDA57.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Eventuell infizierte Webseiten -----

hxxp://192.168.1.21
Infizierte Kopie von c:\windows\system32\drivers\kbdclass.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
c:\windows\system32\wininit.exe . . . ist infiziert!!

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-26 bis 2010-08-26  ))))))))))))))))))))))))))))))
.

2010-08-25 13:59 . 2010-08-26 05:45        --------        d-----w-        c:\users\meyer\AppData\Local\temp
2010-08-25 13:59 . 2010-08-25 13:59        --------        d-----w-        c:\users\stephanp\AppData\Local\temp
2010-08-25 10:46 . 2010-08-25 10:46        --------        d-----w-        C:\_OTL
2010-08-21 08:05 . 2010-08-21 08:05        --------        d-----w-        c:\program files\CCleaner
2010-08-18 17:13 . 2010-08-18 17:13        --------        d-----w-        c:\program files\ESET
2010-08-18 05:38 . 2010-08-18 14:00        --------        d-----w-        c:\users\meyer\AppData\Roaming\Protector Suite
2010-08-18 04:22 . 2010-08-18 04:22        --------        d-----w-        c:\program files\RSA
2010-08-18 04:22 . 2010-08-18 04:22        --------        d-----w-        c:\program files\Common Files\SPBA
2010-08-17 09:48 . 2010-08-17 10:10        --------        d-----w-        c:\program files\Wise Registry Cleaner
2010-08-17 09:33 . 2010-08-17 09:33        --------        d-----w-        c:\program files\Microsoft Corporation
2010-08-11 07:13 . 2010-05-27 20:08        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-08-11 07:13 . 2010-06-11 16:16        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-08-11 07:13 . 2010-06-21 13:37        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-08-11 07:13 . 2010-06-18 17:31        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-08-11 07:11 . 2010-06-08 17:35        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-08-11 07:11 . 2010-06-08 17:35        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-08-11 07:10 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-11 07:10 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-11 07:10 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-11 07:10 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-04 21:15 . 2010-08-04 21:15        --------        d-----w-        c:\users\meyer\AppData\Roaming\Uniblue
2010-08-04 10:00 . 2009-09-14 09:56        88064        ----a-w-        c:\windows\system32\fdBth.dll
2010-08-04 10:00 . 2009-09-14 15:16        2134528        ----a-w-        c:\windows\system32\FunctionDiscoveryFolder.dll
2010-08-04 07:08 . 2010-08-04 07:08        --------        d-----w-        c:\program files\Windows Portable Devices
2010-08-04 06:43 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2010-08-04 06:42 . 2009-10-01 01:02        30208        ----a-w-        c:\windows\system32\WPDShextAutoplay.exe
2010-08-04 06:41 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2010-08-04 06:41 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2010-08-04 06:41 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2010-08-03 13:52 . 2010-08-03 13:52        --------        d-----w-        c:\windows\system32\ca-ES
2010-08-03 13:52 . 2010-08-03 13:52        --------        d-----w-        c:\windows\system32\eu-ES
2010-08-03 13:52 . 2010-08-03 13:52        --------        d-----w-        c:\windows\system32\vi-VN
2010-08-03 13:18 . 2010-08-03 13:18        --------        d-----w-        c:\windows\system32\SPReview
2010-08-03 12:59 . 2009-04-10 21:28        928768        ----a-w-        c:\windows\system32\scavenge.dll
2010-08-03 12:59 . 2009-04-10 21:27        57856        ----a-w-        c:\windows\system32\compcln.exe
2010-08-03 12:57 . 2009-04-10 21:28        75264        ----a-w-        c:\windows\system32\adsmsext.dll
2010-08-03 12:55 . 2010-08-03 12:55        --------        d-----w-        c:\windows\system32\EventProviders
2010-08-03 10:23 . 2010-08-03 10:27        --------        d-----w-        c:\program files\VWEClient1.85.0.131
2010-08-02 09:22 . 2010-03-05 14:01        420352        ----a-w-        c:\windows\system32\vbscript.dll
2010-07-30 12:40 . 2010-07-30 12:40        --------        d-----w-        c:\users\meyer\AppData\Local\Monotype Imaging Inc
2010-07-30 11:33 . 2010-07-30 11:33        --------        d-----w-        c:\users\meyer\AppData\Roaming\ScanSoft
2010-07-30 11:22 . 2010-07-30 11:22        --------        d-----w-        c:\users\Public\LFxV2
2010-07-30 11:20 . 2010-07-30 11:20        --------        d-----w-        c:\program files\Common Files\ScanSoft Shared
2010-07-30 11:20 . 2010-07-30 11:21        --------        d-----w-        c:\programdata\ScanSoft
2010-07-30 11:20 . 2010-07-30 11:20        --------        d-----w-        c:\program files\ScanSoft
2010-07-30 11:17 . 2008-09-02 19:29        16896        ----a-w-        c:\windows\system32\LF2GPPOW.EXE
2010-07-30 11:17 . 2008-09-02 19:29        13312        ----a-w-        c:\windows\system32\LF2GPCOI.DLL
2010-07-30 11:17 . 2008-09-02 19:29        49664        ----a-w-        c:\windows\system32\LF2GPPJL.DLL
2010-07-30 11:16 . 2008-09-02 20:32        352256        ----a-w-        c:\windows\system32\OEMLanMan.exe
2010-07-30 11:16 . 2008-09-02 19:40        283136        ----a-w-        c:\windows\system32\LF2OEWIA.dll
2010-07-30 11:14 . 2010-07-30 11:22        --------        d-----w-        c:\programdata\Companion Suite Pro LL2
2010-07-29 10:07 . 2010-07-29 10:07        --------        d-----w-        c:\users\meyer\AppData\Local\Scansoft
2010-07-29 10:02 . 2010-07-29 10:02        --------        d-----w-        c:\programdata\InstallShield
2010-07-29 09:58 . 2010-07-30 11:23        --------        d-----w-        c:\users\meyer\AppData\Local\Com
2010-07-29 09:55 . 2010-08-14 17:58        --------        d-----w-        c:\users\meyer\AppData\Local\Companion Suite Pro LL2
2010-07-29 09:33 . 2008-11-28 19:26        22528        ------r-        c:\windows\system32\CSPLL2P.dll
2010-07-29 09:32 . 2010-08-14 17:58        --------        d-----w-        c:\program files\Companion Suite Pro LL2

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 12:57 . 2009-06-08 18:06        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-25 12:12 . 2006-11-02 15:42        752216        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-25 12:12 . 2006-11-02 15:42        176346        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-25 10:39 . 2009-01-30 07:31        197845        ----a-w-        c:\users\meyer\AppData\Roaming\nvModes.dat
2010-08-25 07:56 . 2009-02-19 21:18        --------        d-----w-        c:\program files\Sfirm32
2010-08-21 14:35 . 2009-01-30 07:32        106976        ----a-w-        c:\users\meyer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-21 13:23 . 2008-07-29 09:38        --------        d-----w-        c:\program files\Trend Micro
2010-08-19 07:21 . 2008-07-29 10:34        --------        d-----w-        c:\programdata\FLEXnet
2010-08-18 04:39 . 2008-07-23 07:59        --------        d-----w-        c:\program files\Protector Suite QL
2010-08-18 04:19 . 2008-07-23 07:59        --------        d-----w-        c:\programdata\UIB
2010-08-17 09:06 . 2009-10-01 14:07        --------        d-----w-        c:\users\meyer\AppData\Roaming\kikin
2010-08-11 07:13 . 2007-07-09 07:39        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-11 07:10 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-04 16:35 . 2009-10-01 14:08        --------        d-----w-        c:\program files\No23 Recorder
2010-08-04 07:07 . 2010-08-04 07:07        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-04 07:06 . 2010-08-04 07:06        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-08-03 13:52 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-08-03 10:49 . 2010-05-19 14:17        --------        d-----w-        c:\program files\Varial World Editiontest
2010-08-03 10:44 . 2010-04-27 11:41        --------        d-----w-        c:\program files\Varial World Edition
2010-08-03 10:10 . 2009-02-28 00:34        --------        d-----w-        c:\users\meyer\AppData\Roaming\Apple Computer
2010-07-29 10:01 . 2007-07-06 13:27        --------        d-----w-        c:\program files\Common Files\InstallShield
2010-07-27 06:55 . 2009-02-19 14:54        34        ----a-w-        c:\windows\system32\BD5270DN.DAT
2010-07-25 14:35 . 2010-07-25 14:35        --------        d-----w-        c:\users\meyer\AppData\Roaming\Malwarebytes
2010-07-25 14:35 . 2010-07-25 14:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-25 14:35 . 2010-07-25 14:35        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-25 13:59 . 2010-07-25 13:59        --------        d-----w-        c:\programdata\CA
2010-07-24 01:34 . 2010-07-24 01:23        --------        d-----w-        c:\program files\shellexviewer
2010-07-15 15:46 . 2007-07-09 07:19        --------        d-----w-        c:\program files\Common Files\Java
2010-07-15 15:45 . 2010-07-15 15:46        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-15 15:45 . 2007-07-09 07:19        --------        d-----w-        c:\program files\Java
2010-07-15 07:43 . 2010-07-15 07:43        --------        d-----w-        c:\users\meyer\AppData\Roaming\Thunderbird
2010-07-15 07:40 . 2010-07-15 07:38        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-10 05:52 . 2010-07-10 05:52        392320        ----a-w-        c:\windows\system32\drivers\timntr.sys
2010-07-10 05:52 . 2010-07-10 05:52        32768        ----a-w-        c:\windows\system32\drivers\tifsfilt.sys
2010-07-10 05:52 . 2010-07-10 05:52        114048        ----a-w-        c:\windows\system32\drivers\snapman.sys
2010-07-10 05:51 . 2010-07-10 05:51        --------        d-----w-        c:\program files\Common Files\Acronis
2010-07-10 05:51 . 2010-07-10 05:51        --------        d-----w-        c:\program files\Acronis
2010-07-09 06:42 . 2010-06-30 16:57        --------        d-----w-        c:\programdata\DivX
2010-07-09 05:42 . 2009-12-13 15:19        --------        d-----w-        c:\program files\DivX
2010-07-09 05:41 . 2009-12-13 15:19        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2010-07-04 14:18 . 2010-03-15 19:00        --------        d-----w-        c:\program files\Opera
2010-07-03 19:01 . 2007-07-06 13:51        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-06-30 17:03 . 2009-12-13 15:19        --------        d-----w-        c:\program files\Common Files\DivX Shared
2010-06-30 17:02 . 2009-12-13 15:39        --------        d-----w-        c:\users\meyer\AppData\Roaming\DivX
2010-06-26 06:05 . 2010-08-11 07:14        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 07:14        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 07:14        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 07:14        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2006-05-03 10:06 . 2009-03-01 10:58        163328        --sh--r-        c:\windows\System32\flvDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34        750256        ----a-w-        c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2009-03-04 17:19        612920        ----a-w-        c:\windows\System32\PGPfsshl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-09-15 14:25        4233480        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-09-15 14:25        4233480        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-05 262144]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-09 118784]
"DRCU"="c:\program files\Sony\DRCU\DRCU.exe" [2007-06-18 73728]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-05-14 321656]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-09-15 49928]
"WWAN_reminder"="c:\program files\Sony\WWAN\WWAN_reminder.exe" [2007-04-19 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-24 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-24 81920]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 710000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-18 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-18 133912]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"UMonit"="c:\windows\system32\UMonit.exe" [2007-06-18 200704]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-10 1190632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MFFSum_Pro_LL2"="c:\program files\Companion Suite Pro LL2\MFFSUM.exe" [2008-11-29 24576]
"MFPrintServer_Pro_LL2"="c:\program files\Companion Suite Pro LL2\MFPrintServer.exe" [2008-11-29 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SmartClock.exe - Verknpfung.lnk - c:\program files\uhr\smclk13\SmartClock.exe [2001-6-3 60928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-15 809488]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-4-21 1757184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-09-15 14:12        96520        ----a-w-        c:\program files\Protector Suite QL\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 13:19        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli PGPpwflt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfWinStartInfo]
2008-12-12 11:03        120192        ----a-w-        c:\program files\Sfirm32\sfWinStartupInfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17        434176        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21        648072        ----a-w-        c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,0a,33,ca,14,33,cb,01

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-06-19 13224]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2007-04-27 575064]
R3 TTNDSBDA_VISTA;Virtual BDA DVB Network Adapter;c:\windows\system32\DRIVERS\ttndsbda_vista.sys [2008-06-18 24064]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\DRIVERS\ttusb2bda.sys [2009-07-17 572800]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2009-03-04 135736]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2007-05-31 14720]
S2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [2008-11-29 10752]
S2 GPVPNService;gateProtect VPN Service;c:\program files\gateProtect\VPN Client\bin\GPVPNService.exe [2008-10-07 86016]
S2 gtdetectsc;GtDetectSc Service;c:\windows\system32\gtdetectsc.exe [2007-04-24 123208]
S2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
S2 LiveUpdateInstaller;LiveUpdateInstaller;c:\program files\Common Files\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [2006-04-19 659456]
S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2009-05-27 202584]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-11-03 299008]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 Registry;Sage Registrierungsdienst;c:\program files\Common Files\Sage KHK Shared\Registry.exe [2007-04-16 94208]
S2 SageDeploymentService;Sage Verteilungsdienst;c:\program files\Common Files\Sage Software Shared\Deploymentservice.exe [2008-05-26 412304]
S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-05-08 247320]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2009-09-30 225808]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2009-09-30 36368]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-04-23 75392]
S3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-04-23 43904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2006-10-05 33792]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-03-19 807424]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-04-20 307984]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2007-04-04 943696]
S3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2010-04-09 722288]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
PeerDist        REG_MULTI_SZ          PeerDistSvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{D5C02A60-3CCE-471A-AB8F-C08B2B88ACE5}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="1A4981043AE4AF9564B40FD70F1E58AD33164849B6B3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D67949F413C35352D6611B51B6DBA599E8CE71EBC94BB826795AE779390BAD1AE4FA709A837E4325B2541642DAD0684FD49AD20DDD4C8DB1CE3CB992646C7D0C3D45FD0A6D56BDA6D889CCAF6379D413459FA09CCA0499B56816292DF0828DC0F1C2208A9EEE873B2BEB747743A97772E936AAA341E67E8BF0D33C534983C0097AFF242947C0E07AF5BFBC2140A98D00DB16BDBAF9ADDADB78DD09A0E5C728299FAA919BB1B22E11E5224A4371B5E3B2656BC77CD847E1A4F6AA17D495C51788550F3A86A0E7F94E8FE44DAB68BB4E78482F4DB14712BA1CDEFE0DCB7C3F1337DE5CE125EBA137531213E585C1882CEE39E00EBFA985FF92E4E1D2D1E6502CC59538F7AC92A619C4C594C12E8A43DA9B7F5980EEBD4A49E1D9A38E6B436C120A597DD89D10CFEE7C1AFF9010EB7EFF52437D3ACC9A79CCFFECCE983294E88CDA014B46B123196774E8C2A24F2FBBB76037694B7E6347B90EAC0BC041DEBBCB93E0CE5D2160F66B1E2408F7B32C05130612C941F8CC289A6A9B78FEBA46DDD0DA62C13F163C0C0BFA37CB40E5CF9F8EE8131645D75BEA29E3AD694C3C9597CB2B37FB4046C038C8DE857F46573BB0F40D8C6E2E9523837C74FA4541508583DDB777896449DB843CCBFCB808EED4382F5901048C4C6E24B33CF0F27F1D1B8DAFAB2EB587254E673F367B7DE9B386FD4A586149C706B17F7BAD5E43DEB0C68214A5F13EE54E1383FB957DDE5A130411FAB4CBEBE734CD0E8F7AFDC991C8E7F72C5A70C20338DF9DD1EB4E345B92A628C23A65E5E58E9305FCA608C131EA73443ABEBD709DA901F97DF5E55FA84EA9ADBF090A7842EB5772D559EF2D29098E41D01BD5C991B1ABB4D05639F5DA02FDBDFB836B188089A103D7F54EED89894121E0F66E115CAC90CEED6091614B4A53781677977987B74868AF39FC479DBC6E0766162971441376B04E2C76F9D6A72633A29F0D7B7A21188A523541E57864A9A6B475F0D005A6D5EA6F84CC349EEAABC9A706397BA1FB66CB33E7986714A322B57D541B81B786808843077943C765AC045F352DD4B8F9CA8EABDC6EE15598224A6E49FF3787E1B35615FDB41EF320193F02E6B35E69EED58995DAD2BE36A333A5A90467B0057EBD191A54413B05F8FFA6ADB178DDFF24CBD1F9ACE73553A334608B9B3F1ECECB47001E22CB11F3A70E28F806DBB5CBE4A3B6F3A01E4350961C45A831EDBCEB143C5AC3DC4ADAF85FA59D4E1BBF3D5B271D892C15080A11994D70D56E9A28A9A59AD271EF1F8AB840112C08884D31A85BCC2277D79A80D3316"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(824)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\PGPfsshl.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\applaun.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\bioset.dll
c:\program files\Protector Suite QL\calibset.dll
c:\program files\Protector Suite QL\capikey.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\devinsp.dll
c:\program files\Protector Suite QL\enrset.dll
c:\program files\Protector Suite QL\fdhome.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\infcore.dll
c:\program files\Protector Suite QL\lgnset.dll
c:\program files\Protector Suite QL\ms2fs.dll
c:\program files\Protector Suite QL\navset.dll
c:\program files\Protector Suite QL\ntrucore.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\otprsa.dll
c:\program files\Protector Suite QL\provider.dll
c:\program files\Protector Suite QL\psqltray.dll
c:\program files\Protector Suite QL\psuiteax.dll
c:\program files\Protector Suite QL\pwdbank.dll
c:\program files\Protector Suite QL\pwdkmd.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\secuset.dll
c:\program files\Protector Suite QL\sndset.dll
c:\program files\Protector Suite QL\sysset.dll
c:\program files\Protector Suite QL\tbxset.dll
c:\program files\Protector Suite QL\tpminit.dll
c:\program files\Protector Suite QL\tpmkey.dll
c:\program files\Protector Suite QL\tsscore.dll
c:\program files\Protector Suite QL\vtapipql.dll
c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\LF2GPPOW.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PGPserv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\stacsv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\TEMP\PSD7A3.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\conime.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Companion Suite Pro LL2\MFServices.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-26  07:58:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-26 05:58

Vor Suchlauf: 18 Verzeichnis(se), 72.334.917.632 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 72.037.392.384 Bytes frei

- - End Of File - - 08C2A1F2C3ECFFA3A3434EE550C6E661
--- --- ---


Ich habe den Eindruck, einige Prozesse laufen jetzt etwas schneller und vor allem merkt sich Windows jetzt die letzten Einstellung für den Hauptmonitor bei angeschlossenem externen Bildschirm.

Falls Du Ernst machst und mein Problem nicht weiter bearbeitest - vielen Dank für die Hilfe bis hierher und weiter so!

:dankeschoen:

Gruß
Thomas

cosinus 26.08.2010 13:00
Nun können wir auch weitermachen, ich hasse halbe Sachen :D

Zitat:
FW: Trend Micro Personal Firewall
Würde ich deinstallieren, sind üble Systembremsen und PFWs haben sonst auch viele Nachteile. Nutze die Windows-Firewall.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Seebär 26.08.2010 23:43
Hallo Arne,

schön von Dir zu hören. Ich hatte schon befürchtet, jetzt wieder allein im Wald zu stehen.

Als erstes habe ich heute Abend eine Vollsichrung angefertigt, damit nichts anbrennt. Trend Micro wurde vom Systemadministrator installiert und unterliegt wohl einer Gruppenrichtlinie. Da komme ich nicht ran. Ich müsste höchstens nach jedem Start die Dienste beenden.

Die drei Scanns liefen ohen Probleme. Hier sind die Ergebnisse:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:30:24 on 27.08.2010

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "PGP Corporation" - C:\Windows\System32\PGPmapih.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"GtmNicApp.cpl" - ? - C:\Windows\system32\GtmNicApp.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\odbccp32.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"catchme" (catchme) - ? - C:\CoFi\catchme.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxldrpob" (kxldrpob) - ? - C:\Users\meyer\AppData\Local\Temp\kxldrpob.sys  (Hidden registry entry, rootkit activity | File not found)
"PCASp50 NDIS Protocol Driver" (PCASp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\drivers\PCASp50.sys
"PCTINDIS5 NDIS Protocol Driver" (PCTINDIS5) - ? - C:\Windows\system32\PCTINDIS5.SYS  (File not found)
"PGP File Sharing" (pgpfs) - "PGP Corporation" - C:\Windows\System32\Drivers\PGPfsfd.sys
"PGPdisk" (PGPdisk) - "PGP Corporation" - C:\Windows\system32\drivers\PGPdisk.sys
"PGPsdkDriver" (PGPsdkDriver) - "PGP Corporation" - C:\Windows\System32\Drivers\PGPsdk.sys
"PGPwded Storage Filter Service" (PGPwded) - "PGP Corporation" - C:\Windows\system32\drivers\PGPwded.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\Windows\System32\DRIVERS\SonyImgF.sys
"swmsflt" (swmsflt) - ? - C:\Windows\System32\drivers\swmsflt.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys
"Trend Micro Filter" (TmFilter) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
"Trend Micro PreFilter" (TmPreFilter) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
"Trend Micro VSAPI NT" (VSApiNt) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
"TTUSB2BDA USB 2.0 Driver" (TTUSB2BDA) - "TechnoTrend GmbH" - C:\Windows\System32\DRIVERS\ttusb2bda.sys
"Virtual BDA DVB Network Adapter" (TTNDSBDA_VISTA) - "TechnoTrend" - C:\Windows\System32\DRIVERS\ttndsbda_vista.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{89eaee46-ddee-4fef-88b7-d76b9aba8206} "PGP Shredder" - "PGP Corporation" - C:\Program Files\PGP Corporation\PGP Desktop\PGPwipe.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Program Files\7-Zip\7-zip.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "@C:\Program Files\Protector Suite QL\farchns.dll,-4263" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{EBD410E6-AC4A-4162-ABFA-33A6D37EC0DF} "PGP Filesharing CopyHook" - "PGP Corporation" - C:\Windows\system32\PGPfsshl.dll
{969223c0-26aa-11d0-90ee-444553540000} "PGP Shell Extension" - "PGP Corporation" - C:\Windows\system32\PGPmn.dll
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E6BB2089-163F-466B-812A-748096614DFD} "CAScanner Control" - "CA" - C:\Windows\DOWNLO~1\CASCAN~1.OCX / hxxp://cainternetsecurity.net/scanner/cascanner.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "Eset" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "kikin Plugin" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll
"Notification packages" - "PGP Corporation" - C:\Windows\system32\PGPpwflt.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"SmartClock.exe - Verknüpfung.lnk" - "Pavel Chmelař" - C:\Program Files\uhr\smclk13\SmartClock.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"ScanSnap Manager.lnk" - "PFU LIMITED" - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30618)" -"hxxp://www.k�chen-quelle.de/onlineplaner/Quelle_Kuechenplaner_neu.php?session_id=fb33b8f22ed1e095b37f43b591d06d2a"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DRCU" - "Sony Corporation" - "C:\Program Files\Sony\DRCU\DRCU.exe"
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MFFSum_Pro_LL2" - ? - "C:\Program Files\Companion Suite Pro LL2\MFFSUM.exe"
"MFPrintServer_Pro_LL2" - ? - "C:\Program Files\Companion Suite Pro LL2\MFPrintServer.exe"
"OfficeScanNT Monitor" - "Trend Micro Inc." - "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
"OODefragTray" - "O&O Software GmbH" - C:\Windows\system32\oodtray.exe
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"UMonit" - ? - C:\Windows\system32\UMonit.exe
"VAIOCameraUtility" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
"WWAN_reminder" - "NSCE" - C:\Program Files\Sony\WWAN\WWAN_reminder.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"PGPpwflt" - "PGP Corporation" - C:\Windows\system32\PGPpwflt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Companion Suite Pro LL2 Fax Port Monitor" - "OEM" - C:\Windows\system32\cspll2p.dll
"Companion Suite Pro LL2 TCP/IP Monitor" - "Microsoft Corporation" - C:\Windows\system32\LF2PM.DLL
"LF2GPPJL" - ? - C:\Windows\system32\LF2GPPJL.DLL  (File signed by Microsoft | File found, but it contains no detailed information)
"PDF-XChange" - "Tracker Software" - C:\Windows\system32\pxc25pm.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"gateProtect VPN Service" (GPVPNService) - ? - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe
"GtDetectSc Service" (gtdetectsc) - "OptionNV" - C:\Windows\system32\gtdetectsc.exe
"GtFlashSwitch" (GtFlashSwitch) - "OptionNV" - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LiveUpdateInstaller" (LiveUpdateInstaller) - "Sage Software" - C:\Program Files\Common Files\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\sony\Network Utility\NSUService.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Windows\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OfficeScan NT Firewall" (TmPfw) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
"OfficeScan NT Listener" (tmlisten) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
"OfficeScan NT Proxy Service" (TmProxy) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
"OfficeScanNT Echtzeitsuche" (ntrtscan) - "Trend Micro Inc." - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
"PGPserv" (PGPserv) - "PGP Corporation" - C:\Windows\system32\PGPserv.exe
"Sage Registrierungsdienst" (Registry) - "Sage Software" - C:\Program Files\Common Files\Sage KHK Shared\Registry.exe
"Sage Verteilungsdienst" (SageDeploymentService) - "Sage Software" - C:\Program Files\Common Files\Sage Software Shared\Deploymentservice.exe
"Seagate Sync Service" (Seagate Sync Service) - "Seagate Technology LLC" - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Session Launcher Service" (FUSServices) - ? - C:\Windows\system32\FUSServices.exe  (File found, but it contains no detailed information)
"SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
"SQL Server (MSSQLSERVER)" (MSSQLSERVER) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Analysis Services (MSSQLSERVER)" (MSSQLServerOLAPService) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
"SQL Server Integration Services" (MsDtsServer) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Agent (MSSQLSERVER)" (SQLSERVERAGENT) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
"SQL Server-Volltextsuche (MSSQLSERVER)" (msftesql) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"Usbest Service Zero" (UTSCSI) - ? - C:\Windows\system32\UTSCSI.EXE
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
"VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
"VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\sony\VAIO Update 5\VUAgent.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - ? - vrlogon.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Program Files\Protector Suite QL\psqlpwd.dll
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PGPlsp" - "PGP Corporation" - C:\Windows\system32\PGPlsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-27 00:17:07
Windows 6.0.6002 Service Pack 2
Running: tu6v2ce0.exe; Driver: C:\Users\meyer\AppData\Local\Temp\kxldrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8C008340, 0x3441C7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73F57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73FAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73F5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73F4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73F575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73F4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73F88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73F5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73F4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73F4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73F471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73FDCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73F7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73F4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73F46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73F4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73F52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                              Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                    snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                    timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                              tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device                                                                                                              rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                              timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                              timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\tdx \Device\Udp                                                                              tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                               
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION                1A4981043AE4AF9564B40FD70F1E58AD33164849B6B3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D67949F413C35352D6611B51B6DBA599E8CE71EBC94BB826795AE779390BAD1AE4FA709A837E4325B2541642DAD0684FD49AD20DDD4C8DB1CE3CB992646C7D0C3D45FD0A6D56BDA6D889CCAF6379D413459FA09CCA0499B56816292DF0828DC0F1C2208A9EEE873B2BEB747743A97772E936AAA341E67E8BF0D33C534983C0097AFF242947C0E07AF5BFBC2140A98D00DB16BDBAF9ADDADB78DD09A0E5C728299FAA919BB1B22E11E5224A4371B5E3B2656BC77CD847E1A4F6AA17D495C51788550F3A86A0E7F94E8FE44DAB68BB4E78482F4DB14712BA1CDEFE0DCB7C3F1337DE5CE125EBA137531213E585C1882CEE39E00EBFA985FF92E4E1D2D1E6502CC59538F7AC92A619C4C594C12E8A43DA9B7F5980EEBD4A49E1D9A38E6B436C120A597DD89D10CFEE7C1AFF9010EB7EFF52437D3ACC9A79CCFFECCE983294E88CDA014B46B123196774E8C2A24F2FBBB76037694B7E6347B90EAC0BC041DEBBCB93E0CE5D2160F66B1E2408F7B32C05130612C941F8CC289A6A9B78FEBA46DDD0DA62C13F163C0C0BFA37CB40E5CF9F8EE8131645D75BEA29E3AD694C3C

---- EOF - GMER 1.0.15 ----
--- --- ---


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002)
, 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`54100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


Gruß
Thomas

cosinus 27.08.2010 10:19
Scheint ok zu sein.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Seebär 27.08.2010 20:39
Hallo Arne,

Scan ausgeführt. Ich habe jetzt 3x versucht, die Dateien mit copy and paste einzufügen. Sie waren aber zu lang. Darum muss ich sie als zip hochladen.

Anhang 8487

Gruß
Thomas

cosinus 27.08.2010 21:38
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Seebär 28.08.2010 23:30
Hallo Arne,

tut gut, zu hören, dass alles wieder sauber aussieht. Und wenn dann der Rechner auch noch den Eindruck macht, dass er problemlos läuft - noch viel besser.

Ich habe die Scanns gemacht hänge hier die Logs an.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4495

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

28.08.2010 20:01:57
mbam-log-2010-08-28 (20-01-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 370403
Laufzeit: 1 Stunde(n), 19 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gugii.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.


und

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/28/2010 at 11:28 PM

Application Version : 4.42.1000

Core Rules Database Version : 5424
Trace Rules Database Version: 3236

Scan type : Complete Scan
Total Scan Time : 01:11:50

Memory items scanned : 1016
Memory threats detected : 0
Registry items scanned : 15195
Registry threats detected : 0
File items scanned : 45246
File threats detected : 227

Adware.Tracking Cookie
C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Cookies\meyer@atdmt[2].txt
C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Cookies\meyer@doubleclick[1].txt
imagesrv.adition.com [ C:\Users\meyer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LQ79PG5T ]
C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Cookies\meyer@atdmt[1].txt
.hitbox.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.ehg.hitbox.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.hitbox.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
1at.cqcounter.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adtech.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.clickbank.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad.adserver01.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.2o7.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
track.webtrekk.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad2.adfarm1.adition.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad3.adfarm1.adition.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.atdmt.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.atdmt.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.zanox.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adbrite.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adbrite.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adbrite.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adbrite.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adecn.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
tracking.mlsat02.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.specificclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.adviva.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.collective-media.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.collective-media.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.apmebf.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.collective-media.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.collective-media.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.fastclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.fastclick.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.revsci.net [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
adx.chip.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.unitymedia.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.unitymedia.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\bt7h9ath.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
hottraffic.nl [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
imagesrv.adition.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
pornme.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2VEL8LL3 ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a.revenuemax[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@im.banner.t-online[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exoclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[10].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[11].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[9].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking1.aleadpay[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[9].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adc-serv[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.immobilienscout24[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcloudmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.effiliation[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcloudmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.effiliation[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[10].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[11].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad-hoc-news[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yadro[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad-hoc-news[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[9].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[9].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.hannoversche[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ww251.smartadserver[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ww251.smartadserver[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.brandwire[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[10].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.searchmirror[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt

Trojan.Agent/Gen-ZBot
C:\USERS\DEFAULT\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\UXOLEL.EXE

Gruß
Thomas

cosinus 29.08.2010 10:21
Mir ist vorhin ein kleiner Fehler unterlaufen. Mach nochmal bitte einen Customscan, ich hatte da vorhin eine Zeile vergessen:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Seebär 30.08.2010 19:32
Hallo Arne,

hier die Log-Files des letzten Scanns:

Anhang 8539

Wegen der Textlänge musste ich Sie wieder zippen.


Gruß
Thomas

cosinus 30.08.2010 19:44
Sieht ok aus.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Seebär 01.09.2010 12:19
Ne, nix Neues. Nur das Problem mit denTastaturanschlägen ist noch vorhanden. Ich hatte es glaube in meiner ersten Meldung schon mal angesprochen. Hin und wieder werden Tastenanschläge sinnlos oft wiederholt. Es kann aber nicht an der Tastatur liegen, da der Effekt sowohl mit der internen als auch mit verschiedenen externen Tastaruen auftritt.

Ansonsten sieht es wieder richtig gut aus. Keine Host-Meldungen oder Explorer-Abbrüche mehr. Herzlichen Dank für die tolle Hilfe!:party:

Mal abgesehen von dem ComboFix, vor dessen Anwendung durch Ungelernte ja ausdrücklich gewarnt wurde; kann ich die anderen Scanner, die wir bis hierher benutzt haben, eigentlich auch so für regelmäßige Scanns verwenden? Die meisten haben die gefundenen Viren oder Würmer ja auch entfernt.

Gruß
Thomas

cosinus 01.09.2010 13:52
Zitat:
Nur das Problem mit denTastaturanschlägen ist noch vorhanden.
Andere Tastatur nochmal getestet?

Zitat:
kann ich die anderen Scanner, die wir bis hierher benutzt haben, eigentlich auch so für regelmäßige Scanns verwenden? Die meisten haben die gefundenen Viren oder Würmer ja auch entfernt.
Würd ich nur mit Malwarebytes machen...


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:34 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131