Trojaner-Board - Trojaner Kazy.mekml / kein zugriff mehr auf die Festplatte

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner Kazy.mekml / kein zugriff mehr auf die Festplatte (https://www.trojaner-board.de/98608-trojaner-kazy-mekml-kein-zugriff-mehr-festplatte.html)

Trojaner Kazy.mekml / kein zugriff mehr auf die Festplatte

Hallo,

ich habe mir den Kazy Trojaner auf meinem Laptop eingefangen. Der Dektophintergrund ist schwarz, alle Icons sind verschwunden bis auf den Browser und den Papierkorb, Antivir hat mir den Trojaner gemeldet und ein löschen blieb erfolglos.
Es kam eine Meldung das meine Festplatte beschädigt sei und ein Zugriff auf die Daten war auch nicht mehr möglich.

Ich habe dann Malwarebytes installiert und einen Vollscan durchgeführt. Dabei ist der Rechner einmal abgestürtzt. Ich habe dann nach dem ersten Fund abgebrochen und den Fund löschen lassen und den Scan erneut durchgeführt. Es wurden weitereInfizierte Objekte gefunden welche dann gelöscht wurden.

Der Desktop ist immer noch schwarz und es ist kein Zugriff auf meine Daten möglich.

Ich bitte um Hilfe und bedanke mich schonmal!!

(edit: Ich habe Windows Vista als Betreibssystem)

Hier die Malware Logs:

Erstes

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3572 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Zweites (mit unkenntlich gemachtem Namen):

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 602190
Laufzeit: 5 Stunde(n), 23 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Z48TH845\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\papierkorb\unbekannte dateien\refog_setup_free_kl_520.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully.

Warum postest du die Logs unvollstöndig?? :balla:
Der Kopf der Logs von Malwarebytes mit den Versions- und Datumsangaben fehlt!

Hopla :stirn:
Hier dann nochmal komplett

Erstes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 18:15:25
mbam-log-2011-04-26 (18-15-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 3073
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3572 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Zweites:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 18:24:51
mbam-log-2011-04-26 (18-24-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 602190
Laufzeit: 5 Stunde(n), 23 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Z48TH845\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\papierkorb\unbekannte dateien\refog_setup_free_kl_520.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Datenbank Version: 6447

Scheint ein bisschen älter zu sein. Wir sind bei Version 6497.
Bitte Malwarebytes updaten und einen Vollscan machen.

Hey, schonmal vielen Dank für deine Antwort, hab aktualisiert und den Vollscan durchgeführt, es wurde diesmal nichts gefunden:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6499

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.05.2011 01:54:43
mbam-log-2011-05-04 (01-54-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 603533
Laufzeit: 5 Stunde(n), 59 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Ich habe jetzt noch einen Scan mit OTL gemacht:

Extras Log:
OTL Logfile:

Code:

OTL Extras logfile created on: 04.05.2011 13:29:57 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 179,07 Gb Total Space | 13,36 Gb Free Space | 7,46% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3300517A-18CA-4C49-A8F6-22C64CBB10D5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{37931F2E-5E5B-4179-A324-27522094BD99}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{38CA6172-9A3C-42C1-80A8-C8F241A48482}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{66F5A17C-FCCC-4615-8068-93BAE605B294}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{69E717C6-D0B8-469D-A090-52900169C48A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{6DFF8E62-72FA-4F9E-9FD4-726915A79094}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{777A0447-8911-4CA1-AB8F-4024E030BE85}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{7E8A69E3-D36F-417C-A867-A30C11FDA8F8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{97F9A59A-745C-4987-8417-D5312C694D4B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 

"{C683BD32-19CB-4FF7-BA15-548A29B8D4D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{C88D3E50-6DBC-4464-A6A9-4DB4F56FC154}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{ECD9D5EB-C038-4852-AD61-E4273E6E9191}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 

"{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{F42A058F-ECCE-4BDC-8394-D3D2BDF1C901}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{FF31A69A-502C-43F4-923C-61DA6E545832}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"TCP Query User{721B2824-BD89-44C1-889F-CCA626A7A37E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{6A2ADD78-24DE-40AA-B510-74B31AE4898A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23

"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder

"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper

"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23

"{374F03BB-9C09-4DB3-9C9B-C71E63292950}" = Google Earth

"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon

"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360

"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4

"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component

"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{4FE315B7-4634-4587-80FF-D40BF0989567}" = Wolfram Notebook Indexer 2.0

"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0

"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0

"{59061D20-CFC3-4C2E-8B41-9243678ACE8D}" = 54M Wireless

"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter

"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library

"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager

"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter

"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CD925C9-BA3C-4955-9FC8-B1AB729AF874}" = Symantec Real Time Storage Protection Component

"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls

"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library

"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper

"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins

"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch

"{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client

"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0

"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 

"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore

"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290

"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home

"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.7.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DBC658BB-C766-4852-8DBA-7E1DBFBC9D36}" = Wolfram Mathematica 6

"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter

"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio

"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00

"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool

"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story

"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV

"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager

"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)

"Big Fish Games Center" = Big Fish Games Center

"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"Cave Story" = Cave Story

"Celestia_is1" = Celestia 1.5.1

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"Command & Conquer 95" = Command & Conquer Windows 95

"DAEMON Tools Lite" = DAEMON Tools Lite

"DPP" = Canon Utilities Digital Photo Professional 3.9

"dt icon module" = 

"eBay HTML" = 

"EOS Utility" = Canon Utilities EOS Utility

"Funkyplot_is1" = Funkyplot 1.1.0-pre1

"Google Desktop" = Google Desktop

"gtfirstboot Setting Request" = 

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"InstallShield_{DBC658BB-C766-4852-8DBA-7E1DBFBC9D36}" = Wolfram Mathematica 6

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MatlabR2009a" = MATLAB R2009a

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mobile Partner" = Mobile Partner

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa2" = Picasa 2

"Picture Style Editor" = Canon Utilities Picture Style Editor

"R for Windows 2.12.2_is1" = R for Windows 2.12.2

"Red Alert" = Red Alert Windows 95

"scilab-5.3.0_is1" = scilab-5.3.0

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Skype_is1" = Skype 3.2

"StarCraft" = StarCraft

"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)

"UT2003" = Unreal Tournament 2003

"VAIO Help and Support" = 

"VAIO MFU Module" = 

"Virtual Villagers" = Virtual Villagers (remove only)

"Warcraft III" = Warcraft III

"WFTK" = Canon Utilities WFT Utility

"WinGimp-2.0_is1" = GIMP 2.6.11

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Download Agent" = Download Agent

"TeXLive2010" = TeX Live 2010

"ubivent" = ubivent

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26.10.2010 18:36:10 | Computer Name = ***-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 27.10.2010 05:10:54 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7

Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})

 (Fehlercode = 0x80042019)

 

Error - 27.10.2010 06:10:39 | Computer Name = ***-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 27.10.2010 18:30:47 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7

Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})

 (Fehlercode = 0x80042019)

 

Error - 28.10.2010 03:03:25 | Computer Name = ***-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 28.10.2010 04:51:44 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7

Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})

 (Fehlercode = 0x80042019)

 

Error - 28.10.2010 05:51:12 | Computer Name = ***-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 28.10.2010 19:09:09 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7

Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})

 (Fehlercode = 0x80042019)

 

Error - 28.10.2010 20:34:35 | Computer Name = ***-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 29.10.2010 10:26:11 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7

Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})

 (Fehlercode = 0x80042019)

 

[ OSession Events ]

Error - 13.03.2009 01:51:34 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42733

 seconds with 22140 seconds of active time.  This session ended with a crash.

 

Error - 15.06.2009 17:21:15 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 24277 seconds with 5520 seconds of active time.  This session ended with 

a crash.

 

Error - 17.01.2011 09:31:57 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7074

 seconds with 2760 seconds of active time.  This session ended with a crash.

 

Error - 24.01.2011 19:55:11 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 1529 seconds with 480 seconds of active time.  This session ended with a 

crash.

 

Error - 25.01.2011 14:44:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 1969 seconds with 660 seconds of active time.  This session ended with a 

crash.

 

[ System Events ]

Error - 03.05.2011 16:28:23 | Computer Name = ***-PC | Source = atapi | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Error - 03.05.2011 19:55:30 | Computer Name = ***-PC | Source = Server | ID = 2505

Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht

 \Device\NetBT_Tcpip_{2B918E30-8F15-45AA-9E96-DD229AFF4A79} vom Serverdienst nicht

 gebunden werden. Der Serverdienst konnte nicht gestartet werden.

 

Error - 03.05.2011 19:55:29 | Computer Name = ***-PC | Source = netbt | ID = 4321

Description = Der Name "***-PC       :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.100

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 03.05.2011 19:55:29 | Computer Name = ***-PC | Source = netbt | ID = 4321

Description = Der Name "***-PC       :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.100

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 03.05.2011 19:55:30 | Computer Name = ***-PC | Source = netbt | ID = 4321

Description = Der Name "***-PC       :20" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.100

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 03.05.2011 20:02:40 | Computer Name = ***-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 04.05.2011 05:16:09 | Computer Name = ***-PC | Source = HTTP | ID = 15016

Description = 

 

Error - 04.05.2011 05:17:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 04.05.2011 05:18:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 04.05.2011 05:18:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

--- --- ---

OTL Log:
OTL Logfile:

Code:

OTL logfile created on: 04.05.2011 13:29:56 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 179,07 Gb Total Space | 13,36 Gb Free Space | 7,46% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)

SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (Norton Save and Restore) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation)

SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100306.004\NAVENG.SYS (Symantec Corporation)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20100224.001\IDSvix86.sys (Symantec Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft)

DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation)

DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)

DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://apod.nasa.gov/apod/archivepix.html"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 01:56:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 01:56:27 | 000,000,000 | ---D | M]

 

[2011.04.13 12:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2011.04.13 12:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.05.03 18:28:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c3y38vxv.default\extensions

[2010.11.12 01:40:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c3y38vxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.01.09 00:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011.01.09 00:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.01.09 00:27:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.21 11:04:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.21 11:04:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.21 11:04:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.21 11:04:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.21 11:04:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)

O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.94.127.196

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu

O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.04 11:27:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.05.02 18:11:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011.05.02 18:11:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011.04.26 15:02:25 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2011.04.26 15:02:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.26 15:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.26 15:02:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.04.26 15:02:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.26 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.04.25 18:09:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch

[2011.04.18 16:49:02 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\CANON_INC

[2011.04.18 16:32:40 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ZoomBrowser EX

[2011.04.18 16:31:55 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Canon

[2011.04.18 16:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\ZoomBrowser

[2011.04.18 16:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2011.04.18 16:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2011.04.18 16:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon

[2011.04.17 18:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood

[2011.04.17 18:31:50 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe

[2011.04.15 11:26:22 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\In Progress

[2011.04.15 11:24:12 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Icons Programme

[2011.04.14 03:09:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.04.13 18:15:31 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.04.13 18:15:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.04.13 18:15:15 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011.04.13 18:15:14 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011.04.13 18:14:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011.04.13 18:14:41 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.13 18:14:35 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011.04.13 18:14:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.13 18:14:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.13 18:14:33 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.13 18:14:33 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.13 18:14:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.13 18:14:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011.04.13 18:14:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.13 18:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.13 18:14:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.04.13 18:14:15 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.13 18:14:14 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.13 18:03:47 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\SPR

[2011.04.13 12:37:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Thunderbird

[2011.04.10 13:10:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood

[2011.04.10 13:10:43 | 000,000,000 | -H-D | C] -- C:\WESTWOOD

[2011.04.10 13:01:43 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.04.10 13:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2011.04.10 13:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2011.04.10 13:00:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2011.04.10 13:00:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite

[2011.04.10 00:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story

[2011.04.10 00:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CaveStory - Einfach

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.04 13:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.04 13:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.04 11:28:33 | 000,000,120 | ---- | M] () -- C:\Users\***\Desktop\OTL.htm

[2011.05.04 11:27:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.05.04 11:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.04 11:15:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.03 16:19:26 | 400,433,473 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.04.26 15:02:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.25 21:04:36 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42852104

[2011.04.21 18:41:28 | 000,061,403 | -H-- | M] () -- C:\Users\***\.recently-used.xbel

[2011.04.20 00:24:44 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.20 00:24:43 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.20 00:24:43 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.20 00:24:43 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.18 23:01:08 | 000,131,072 | -H-- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.15 16:00:59 | 000,570,634 | -H-- | M] () -- C:\Users\***\11.pdf

[2011.04.14 03:45:29 | 000,369,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.12 15:07:28 | 000,000,584 | -H-- | M] () -- C:\Users\***\Documents\grstyles.stl

[2011.04.12 13:29:02 | 000,000,009 | -H-- | M] () -- C:\Users\***\Documents\LastLab.sk

[2011.04.12 13:23:18 | 000,000,203 | -H-- | M] () -- C:\Users\***\Documents\BasicLab.sk

[2011.04.12 13:23:18 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\UserLab.sk

[2011.04.10 13:05:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011.04.10 13:05:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011.04.10 13:01:43 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.04.10 00:17:43 | 000,101,668 | ---- | M] () -- C:\Program Files\Cave Story - Deinstaller.exe

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.04 11:28:31 | 000,000,120 | ---- | C] () -- C:\Users\***\Desktop\OTL.htm

[2011.04.30 15:01:27 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys

[2011.04.26 15:02:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.25 20:46:02 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42852104

[2011.04.21 18:41:28 | 000,061,403 | -H-- | C] () -- C:\Users\***\.recently-used.xbel

[2011.04.17 18:32:28 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE

[2011.04.15 16:00:59 | 000,570,634 | -H-- | C] () -- C:\Users\***\11.pdf

[2011.04.12 13:23:18 | 000,000,203 | -H-- | C] () -- C:\Users\***\Documents\BasicLab.sk

[2011.04.12 13:23:18 | 000,000,009 | -H-- | C] () -- C:\Users\***\Documents\LastLab.sk

[2011.04.12 13:23:18 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\UserLab.sk

[2011.04.10 13:10:58 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE

[2011.04.10 13:05:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2011.04.10 13:05:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2011.04.10 00:17:40 | 000,101,668 | ---- | C] () -- C:\Program Files\Cave Story - Deinstaller.exe

[2011.01.16 02:00:28 | 000,000,961 | -H-- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history

[2010.11.11 04:19:08 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.11.11 04:19:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2009.11.15 01:18:52 | 000,023,677 | ---- | C] () -- C:\Windows\War3Unin.dat

[2008.12.26 14:18:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2008.01.05 19:24:56 | 000,131,072 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.01.05 19:24:53 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2007.08.23 07:05:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2007.08.23 06:47:51 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

[2007.08.23 06:40:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

[2007.08.04 00:35:23 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.08.04 00:35:23 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.08.04 00:35:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll

[2007.08.03 16:24:46 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat

[2007.07.12 22:02:46 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007.07.12 21:59:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2007.06.11 13:09:39 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2007.06.11 13:09:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2007.06.11 13:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,369,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2009.10.30 22:57:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development

[2011.04.18 16:31:55 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Canon

[2011.04.10 13:04:53 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2011.01.15 16:15:24 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FileOpen

[2011.04.21 18:41:13 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2011.04.25 16:42:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ

[2008.02.05 23:01:11 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\InterVideo

[2011.02.12 02:46:55 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Scilab

[2008.10.05 16:17:28 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\T-Online

[2011.04.13 12:37:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2011.05.04 02:02:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Zitat:

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)

Wieso gurkst du noch mit dem SP1 und IE7 herum? :balla:
Es ist oberste Priorität, rechtzeitig die wichtigen Updates zu installieren! Kümmern wirs uns später drum, wenn wir hier durch sind!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu

O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell - "" = AutoRun

O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun

O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danke!

Ich habe alles deaktiviert und das script ausgeführt. Nach ein paar Minuten kam dann die Meldung das OTL nicht mehr funktioniert und das Programm wurde beendet. Es gab kein Log File und ich musste den Rechner neu hochfahren. Ich sehe jetzt auf meinem Desktop die Datein die vorher dort ware aber als transparente Icons.

Soll ich den Fix nochmal ausführen?

Ja wiederholen bitte

Alles klar, hab es nochmal ausgeführt und diesmal lief alles ohne Probleme.
Der Desktop ist allerdings wieder leer.

Hier das Log file:

Zitat:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{388501fa-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{388501fa-094c-11e0-9129-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3885022b-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3885022b-094c-11e0-9129-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b7d6751-622b-11e0-b0da-001a801eb153}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b7d6751-622b-11e0-b0da-001a801eb153}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88f05cbb-b746-11de-a80f-001a801eb153}\ not found.
File G:\wubi.exe --cdmenu not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88f05cbe-b746-11de-a80f-001a801eb153}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88f05cbe-b746-11de-a80f-001a801eb153}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1cdd1fd-eced-11df-acb9-001a801eb153}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1cdd1fd-eced-11df-acb9-001a801eb153}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public

User: ***
->Temp folder emptied: 92253 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17292522 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65476990 bytes
RecycleBin emptied: 846041820 bytes

Total Files Cleaned = 886,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05042011_160321

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET50E.tmp not found!
File\Folder C:\Windows\temp\JET6F2.tmp not found!

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hab das Tool und unhide ausgeführt.

Das Tool hat mir nichts angezeigt was entfernt werden müsste.

Meine Ordner und Dateien sind wieder da :)
Vielen Dank!

Kann ich meine Daten in Ruhe sichern oder muss ich mir Sorgen machen das mein Datenträger infiziert werden könnte?

Hier das log file:

Zitat:

2011/05/04 17:18:47.0312 4948 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/04 17:18:47.0525 4948 ================================================================================
2011/05/04 17:18:47.0525 4948 SystemInfo:
2011/05/04 17:18:47.0525 4948
2011/05/04 17:18:47.0525 4948 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/04 17:18:47.0525 4948 Product type: Workstation
2011/05/04 17:18:47.0525 4948 ComputerName: ***-PC
2011/05/04 17:18:47.0526 4948 UserName: ***
2011/05/04 17:18:47.0526 4948 Windows directory: C:\Windows
2011/05/04 17:18:47.0526 4948 System windows directory: C:\Windows
2011/05/04 17:18:47.0526 4948 Processor architecture: Intel x86
2011/05/04 17:18:47.0526 4948 Number of processors: 2
2011/05/04 17:18:47.0526 4948 Page size: 0x1000
2011/05/04 17:18:47.0526 4948 Boot type: Normal boot
2011/05/04 17:18:47.0526 4948 ================================================================================
2011/05/04 17:19:04.0937 4948 Initialize success
2011/05/04 17:19:09.0040 5120 ================================================================================
2011/05/04 17:19:09.0040 5120 Scan started
2011/05/04 17:19:09.0040 5120 Mode: Manual;
2011/05/04 17:19:09.0040 5120 ================================================================================
2011/05/04 17:19:11.0520 5120 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/04 17:19:12.0128 5120 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/04 17:19:12.0799 5120 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/04 17:19:13.0408 5120 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/04 17:19:13.0829 5120 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/04 17:19:14.0219 5120 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/04 17:19:14.0531 5120 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/04 17:19:14.0874 5120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/04 17:19:14.0968 5120 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/04 17:19:15.0420 5120 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/04 17:19:15.0451 5120 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/04 17:19:15.0638 5120 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/04 17:19:15.0748 5120 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/04 17:19:16.0013 5120 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/04 17:19:16.0231 5120 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/04 17:19:16.0309 5120 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/04 17:19:16.0387 5120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/04 17:19:16.0715 5120 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/04 17:19:17.0354 5120 athr (42a781b795b36a7182ded8b55c245153) C:\Windows\system32\DRIVERS\athr.sys
2011/05/04 17:19:18.0010 5120 avgio (87828ecd657f81503465ac705e845076) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/05/04 17:19:18.0166 5120 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/05/04 17:19:18.0961 5120 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/04 17:19:19.0289 5120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/04 17:19:19.0429 5120 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/04 17:19:19.0648 5120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/04 17:19:19.0710 5120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/04 17:19:19.0944 5120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/04 17:19:20.0225 5120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/04 17:19:20.0287 5120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/04 17:19:20.0474 5120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/04 17:19:20.0584 5120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/04 17:19:20.0802 5120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/04 17:19:21.0161 5120 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/04 17:19:21.0239 5120 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/04 17:19:21.0457 5120 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/04 17:19:21.0925 5120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/04 17:19:22.0861 5120 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/04 17:19:23.0173 5120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/04 17:19:23.0657 5120 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/04 17:19:23.0750 5120 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/04 17:19:24.0016 5120 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/05/04 17:19:24.0156 5120 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/05/04 17:19:24.0421 5120 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/04 17:19:24.0718 5120 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/04 17:19:24.0952 5120 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/05/04 17:19:25.0108 5120 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/05/04 17:19:25.0326 5120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/04 17:19:25.0435 5120 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/04 17:19:25.0747 5120 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/04 17:19:26.0075 5120 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/04 17:19:26.0340 5120 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/04 17:19:26.0527 5120 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/04 17:19:26.0917 5120 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/04 17:19:27.0136 5120 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/04 17:19:27.0416 5120 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/04 17:19:27.0635 5120 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/04 17:19:27.0822 5120 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/04 17:19:27.0978 5120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/04 17:19:28.0040 5120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/04 17:19:28.0118 5120 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/04 17:19:28.0321 5120 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/04 17:19:28.0602 5120 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/04 17:19:28.0774 5120 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/04 17:19:28.0930 5120 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/04 17:19:29.0429 5120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/04 17:19:29.0647 5120 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/04 17:19:29.0694 5120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/04 17:19:29.0756 5120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/04 17:19:29.0912 5120 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/04 17:19:30.0209 5120 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/04 17:19:30.0349 5120 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/04 17:19:30.0458 5120 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/04 17:19:30.0536 5120 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/04 17:19:30.0677 5120 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/04 17:19:30.0817 5120 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/04 17:19:31.0020 5120 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/04 17:19:31.0145 5120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/04 17:19:31.0270 5120 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/04 17:19:31.0457 5120 IDSvix86 (bbbc8b3f0db98ef2494327694222d658) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100224.001\IDSvix86.sys
2011/05/04 17:19:31.0628 5120 igfx (1b954f2bcb244596da704dc8c7729930) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/04 17:19:31.0784 5120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/04 17:19:32.0112 5120 IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/04 17:19:32.0284 5120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/04 17:19:32.0346 5120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/04 17:19:32.0424 5120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/04 17:19:32.0580 5120 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/04 17:19:32.0642 5120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/04 17:19:32.0705 5120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/04 17:19:32.0830 5120 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/04 17:19:32.0923 5120 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/04 17:19:32.0970 5120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/04 17:19:33.0235 5120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/04 17:19:33.0282 5120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/04 17:19:33.0438 5120 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/04 17:19:33.0516 5120 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/04 17:19:33.0719 5120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/04 17:19:33.0828 5120 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/04 17:19:33.0937 5120 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/04 17:19:34.0015 5120 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/04 17:19:34.0124 5120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/04 17:19:34.0358 5120 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/04 17:19:34.0436 5120 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/04 17:19:34.0499 5120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/04 17:19:34.0608 5120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/04 17:19:34.0686 5120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/04 17:19:34.0733 5120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/04 17:19:34.0826 5120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/04 17:19:34.0889 5120 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/04 17:19:34.0998 5120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/04 17:19:35.0092 5120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/04 17:19:35.0591 5120 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/04 17:19:35.0669 5120 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/04 17:19:35.0716 5120 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/04 17:19:35.0762 5120 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/04 17:19:35.0887 5120 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/04 17:19:35.0950 5120 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/04 17:19:36.0028 5120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/04 17:19:36.0121 5120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/04 17:19:36.0199 5120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/04 17:19:36.0262 5120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/04 17:19:36.0340 5120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/04 17:19:36.0402 5120 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/04 17:19:36.0574 5120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/04 17:19:36.0667 5120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/04 17:19:36.0808 5120 MTOnlPktAlyX (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
2011/05/04 17:19:36.0932 5120 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/04 17:19:37.0010 5120 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/04 17:19:37.0166 5120 NAVENG (7eea0e2634fde3c645c9a6d424825261) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100306.004\NAVENG.SYS
2011/05/04 17:19:37.0338 5120 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/04 17:19:37.0478 5120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/04 17:19:37.0650 5120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/04 17:19:37.0712 5120 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/04 17:19:37.0806 5120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/04 17:19:37.0884 5120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/04 17:19:37.0946 5120 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/04 17:19:38.0134 5120 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/05/04 17:19:38.0305 5120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/04 17:19:38.0399 5120 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/04 17:19:38.0477 5120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/04 17:19:38.0929 5120 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/04 17:19:39.0085 5120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/04 17:19:39.0132 5120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/04 17:19:39.0179 5120 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/04 17:19:39.0226 5120 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/04 17:19:39.0350 5120 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/04 17:19:39.0491 5120 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/04 17:19:39.0647 5120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/04 17:19:39.0694 5120 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/04 17:19:39.0787 5120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/04 17:19:40.0271 5120 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/04 17:19:40.0567 5120 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/04 17:19:41.0144 5120 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/04 17:19:41.0503 5120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/04 17:19:41.0815 5120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/04 17:19:42.0002 5120 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/04 17:19:42.0236 5120 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/04 17:19:42.0392 5120 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/04 17:19:42.0517 5120 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/04 17:19:42.0704 5120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/04 17:19:42.0814 5120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/04 17:19:42.0892 5120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/04 17:19:43.0250 5120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/04 17:19:43.0328 5120 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/04 17:19:43.0438 5120 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/04 17:19:43.0516 5120 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/04 17:19:43.0594 5120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/04 17:19:43.0718 5120 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/04 17:19:43.0765 5120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/04 17:19:43.0843 5120 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/04 17:19:43.0937 5120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/04 17:19:44.0062 5120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/04 17:19:44.0171 5120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/04 17:19:44.0233 5120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/04 17:19:44.0296 5120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/04 17:19:44.0420 5120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/04 17:19:44.0514 5120 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/04 17:19:44.0561 5120 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/04 17:19:44.0608 5120 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/04 17:19:44.0732 5120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/04 17:19:44.0795 5120 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/04 17:19:44.0873 5120 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/04 17:19:44.0935 5120 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/04 17:19:45.0091 5120 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/04 17:19:45.0154 5120 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
2011/05/04 17:19:45.0294 5120 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/04 17:19:45.0434 5120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/04 17:19:45.0497 5120 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
2011/05/04 17:19:45.0793 5120 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/05/04 17:19:45.0918 5120 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/05/04 17:19:46.0012 5120 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/04 17:19:46.0090 5120 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/04 17:19:46.0246 5120 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/04 17:19:46.0324 5120 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/04 17:19:46.0495 5120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/04 17:19:46.0542 5120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/04 17:19:46.0636 5120 SYMDNS (a16d76baa5d2cbe45c57fa582c1208e5) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/05/04 17:19:46.0792 5120 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/04 17:19:46.0823 5120 SYMFW (c64d200569a18ea6c676266dee3ac158) C:\Windows\System32\Drivers\SYMFW.SYS
2011/05/04 17:19:46.0870 5120 SYMIDS (7764d3d7a3c858f04ced3c1f16410d89) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/05/04 17:19:46.0916 5120 SYMNDISV (d193684004658fe4f3f143ca6dd9ef8b) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/05/04 17:19:47.0041 5120 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/05/04 17:19:47.0104 5120 symsnap (5c66e6aa29dad1875cc74662dd13c87e) C:\Windows\system32\DRIVERS\symsnap.sys
2011/05/04 17:19:47.0150 5120 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/05/04 17:19:47.0400 5120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/04 17:19:47.0462 5120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/04 17:19:47.0650 5120 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/04 17:19:47.0743 5120 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/04 17:19:47.0821 5120 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/04 17:19:47.0946 5120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/04 17:19:47.0993 5120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/04 17:19:48.0071 5120 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/04 17:19:48.0133 5120 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/04 17:19:48.0289 5120 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
2011/05/04 17:19:48.0398 5120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/04 17:19:48.0508 5120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/04 17:19:48.0554 5120 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/04 17:19:48.0617 5120 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/04 17:19:48.0695 5120 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/04 17:19:48.0913 5120 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/04 17:19:48.0960 5120 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/04 17:19:49.0038 5120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/04 17:19:49.0147 5120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/04 17:19:49.0256 5120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/04 17:19:49.0350 5120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/04 17:19:49.0553 5120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/04 17:19:49.0631 5120 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/04 17:19:49.0787 5120 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/04 17:19:49.0849 5120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/04 17:19:49.0912 5120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/04 17:19:50.0036 5120 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/04 17:19:50.0099 5120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/04 17:19:50.0161 5120 v2imount (16662738e1ab857fb91ed2d4065440b0) C:\Windows\system32\DRIVERS\v2imount.sys
2011/05/04 17:19:50.0395 5120 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/04 17:19:50.0473 5120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/04 17:19:50.0536 5120 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/04 17:19:50.0692 5120 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/04 17:19:50.0738 5120 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/04 17:19:50.0816 5120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/04 17:19:50.0894 5120 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/04 17:19:51.0035 5120 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 17:19:51.0097 5120 VProEventMonitor (6666a8ddcf315635fc3c13f18c944b19) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
2011/05/04 17:19:51.0160 5120 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/04 17:19:51.0253 5120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/04 17:19:51.0362 5120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 17:19:51.0378 5120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 17:19:51.0440 5120 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/04 17:19:51.0581 5120 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/04 17:19:51.0706 5120 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/05/04 17:19:51.0830 5120 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/04 17:19:52.0018 5120 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/04 17:19:52.0142 5120 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/04 17:19:52.0236 5120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/04 17:19:52.0408 5120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/04 17:19:52.0486 5120 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/04 17:19:52.0673 5120 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/04 17:19:52.0782 5120 ================================================================================
2011/05/04 17:19:52.0782 5120 Scan finished
2011/05/04 17:19:52.0782 5120 ================================================================================

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hi Arne,

habe alles gemacht wie in der Anleitung beschrieben, hier das Combofix log:

Combofix Logfile:

Code:

ComboFix 11-05-04.02 - *** 04.05.2011  23:29:02.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2038.1041 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\cofi.exe

AV: Avira AntiVir PersonalEdition *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\audiograbber\Audiograbber.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))

.

.

2011-05-04 21:44 . 2011-05-04 21:44        --------        d-----w-        c:\users\***\AppData\Local\temp

2011-05-04 21:44 . 2011-05-04 21:44        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-04 21:13 . 2011-05-04 21:13        --------        d-----w-        c:\program files\CCleaner

2011-05-04 13:18 . 2011-05-04 13:18        --------        d-----w-        C:\_OTL

2011-05-03 10:21 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E0945CA-17B6-4950-B707-CD157C7D9084}\mpengine.dll

2011-05-02 16:11 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll

2011-05-02 16:11 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-26 13:02 . 2011-04-26 13:02        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2011-04-26 13:02 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-26 13:02 . 2011-04-26 13:02        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-26 13:02 . 2011-04-26 13:02        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-26 13:02 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-25 16:09 . 2011-04-25 16:09        --------        d-----w-        c:\programdata\WindowsSearch

2011-04-18 14:49 . 2011-04-18 14:49        --------        d-----w-        c:\users\***\AppData\Local\CANON_INC

2011-04-18 14:32 . 2011-04-18 14:32        --------        d-----w-        c:\users\***\AppData\Roaming\ZoomBrowser EX

2011-04-18 14:31 . 2011-04-18 14:31        --------        d-----w-        c:\users\***\AppData\Roaming\Canon

2011-04-18 14:23 . 2011-04-18 14:23        --------        d-----w-        c:\programdata\ZoomBrowser

2011-04-18 14:21 . 2011-04-18 14:25        --------        d-----w-        c:\program files\Canon

2011-04-18 14:20 . 2011-04-18 14:20        --------        d-----w-        c:\program files\Common Files\Canon

2011-04-17 16:32 . 1996-12-11 10:22        69632        ----a-w-        c:\windows\UNINSTCC.EXE

2011-04-17 16:31 . 1997-04-08 18:08        299520        ----a-w-        c:\windows\uninst.exe

2011-04-13 16:15 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\system32\atmfd.dll

2011-04-13 16:15 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\system32\atmlib.dll

2011-04-13 16:15 . 2011-02-22 12:52        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-04-13 16:15 . 2011-02-22 12:52        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-04-13 16:15 . 2011-02-22 12:51        105984        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-04-13 16:15 . 2011-02-22 12:51        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-04-13 16:15 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\system32\mfc42.dll

2011-04-13 16:15 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\system32\mfc42u.dll

2011-04-13 16:15 . 2011-02-18 13:31        304640        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-04-13 16:15 . 2011-02-18 13:31        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-04-13 16:15 . 2011-02-18 13:31        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-04-13 16:13 . 2011-03-03 15:00        738816        ----a-w-        c:\windows\system32\inetcomm.dll

2011-04-13 10:37 . 2011-04-13 10:37        --------        d-----w-        c:\users\***\AppData\Roaming\Thunderbird

2011-04-10 12:30 . 2011-04-10 12:29        1207398        ----a-w-        c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood\Red Alert\RA108USP.EXE

2011-04-10 11:10 . 1996-11-06 19:11        69632        ----a-w-        c:\windows\RAUNINST.EXE

2011-04-10 11:10 . 2011-04-17 16:32        --------        d-----w-        C:\WESTWOOD

2011-04-10 11:01 . 2011-04-10 11:01        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2011-04-10 11:01 . 2011-04-10 11:01        --------        d-----w-        c:\program files\DAEMON Tools Lite

2011-04-10 11:00 . 2011-04-10 11:04        --------        d-----w-        c:\users\***\AppData\Roaming\DAEMON Tools Lite

2011-04-10 11:00 . 2011-04-10 11:01        --------        d-----w-        c:\programdata\DAEMON Tools Lite

2011-04-09 22:17 . 2011-04-09 22:19        --------        d-----w-        c:\program files\CaveStory - Einfach

2011-04-09 22:17 . 2011-04-09 22:17        101668        ----a-w-        c:\program files\Cave Story - Deinstaller.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-03 14:56 . 2011-05-02 16:11        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll

2011-03-03 14:56 . 2011-05-02 16:11        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2011-03-03 14:56 . 2011-05-02 16:11        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll

2011-03-03 14:56 . 2011-05-02 16:11        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 39408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-12 30192]

"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-16 115816]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Skytel"="Skytel.exe" [2007-06-26 1826816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-1-3 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2007-07-24 17:26        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 136176]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-12 30192]

R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]

R3 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 2655848]

R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]

R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]

R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-10 218688]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100224.001\IDSvix86.sys [2010-02-10 286768]

S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-16 102448]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-07-16 38200]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - COMHOST

.

Inhalt des "geplante Tasks" Ordners

.

2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 21:11]

.

2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 21:11]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {F62C9266-2D49-4E80-BA10-AFA50BF2E9E0} = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c3y38vxv.default\

FF - prefs.js: browser.startup.homepage - hxxp://apod.nasa.gov/apod/archivepix.html

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-04 23:44

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2011-05-04  23:50:45

ComboFix-quarantined-files.txt  2011-05-04 21:50

.

Vor Suchlauf: 17 Verzeichnis(se), 19.471.212.544 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 19.308.462.080 Bytes frei

.

- - End Of File - - E4490BD21A619D824610BDB3D3BAE0FC

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Ok,
GMER hat auch nach mehrmaligem probieren nicht funktioniert.

Hier das OSAM log:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:57:54 on 05.05.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.17
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys

"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

"fglorpog" (fglorpog) - ? - C:\Users\***\AppData\Local\Temp\fglorpog.sys  (Hidden registry entry, rootkit activity | File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS

"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100306.004\NAVENG.SYS

"NAVEX15" (NAVEX15) - ? - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100306.004\NAVEX15.SYS  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys

"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS

"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS

"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS

"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

"Symantec Event Monitor Driver" (VProEventMonitor) - "Symantec Corporation" - C:\Windows\System32\DRIVERS\vproeventmonitor.sys

"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100224.001\IDSvix86.sys

"Symantec V2i Mount Driver" (v2imount) - "Symantec Corporation" - C:\Windows\System32\DRIVERS\v2imount.sys

"Symantec Volume Snap Shot Driver" (symsnap) - "StorageCraft" - C:\Windows\System32\DRIVERS\symsnap.sys

"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMDNS.SYS

"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS

"SYMFW" (SYMFW) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMFW.SYS

"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMIDS.SYS

"SYMNDISV" (SYMNDISV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMNDISV.SYS

"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMREDRV.SYS

"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMTDI.SYS

"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - ? - C:\Program Files\Java\jdk1.6.0_23\bin\npjpi160_23.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{90222687-F593-4738-B738-FBEE9C7B26DF} "Norton-Symbolleiste anzeigen" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} "{1E8A6170-7264-4D0F-BEAE-D42A53123C75}" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 2.4.lnk" - ? - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

"ccApp" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"Norton Save and Restore 2.0" - "Symantec Corporation" - "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Avira AntiVir Personal - Free Antivirus Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

"Avira AntiVir Personal - Free Antivirus Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

"ccEvtMgr" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

"ccSetMgr" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

"COM Host" (comHost) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Norton Save and Restore" (Norton Save and Restore) - "Symantec Corporation" - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Symantec Core LC" (Symantec Core LC) - ? - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

"Symantec Lic NetConnect service" (CLTNetCnService) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

"VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

"VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

"VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

und das MBRCheck log:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-NR11Z_T
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 166):
0x82218000 \SystemRoot\system32\ntkrnlpa.exe
0x825D1000 \SystemRoot\system32\hal.dll
0x8060C000 \SystemRoot\system32\kdcom.dll
0x80614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80674000 \SystemRoot\system32\PSHED.dll
0x80685000 \SystemRoot\system32\BOOTVID.dll
0x8068D000 \SystemRoot\system32\CLFS.SYS
0x806CE000 \SystemRoot\system32\CI.dll
0x82C05000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82C81000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82C8E000 \SystemRoot\system32\drivers\acpi.sys
0x82CD4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82CDD000 \SystemRoot\system32\drivers\msisadrv.sys
0x82CE5000 \SystemRoot\system32\drivers\pci.sys
0x82D0C000 \SystemRoot\System32\drivers\partmgr.sys
0x82D1B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82D1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82D28000 \SystemRoot\system32\drivers\volmgr.sys
0x82D37000 \SystemRoot\System32\drivers\volmgrx.sys
0x82D81000 \SystemRoot\system32\drivers\intelide.sys
0x82D88000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82D96000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82DC3000 \SystemRoot\System32\drivers\mountmgr.sys
0x82DD3000 \SystemRoot\system32\drivers\atapi.sys
0x82DDB000 \SystemRoot\system32\drivers\ataport.SYS
0x807AE000 \SystemRoot\system32\drivers\msahci.sys
0x807B8000 \SystemRoot\system32\drivers\fltmgr.sys
0x807EA000 \SystemRoot\system32\drivers\fileinfo.sys
0x80600000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82E0A000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x82E29000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E9A000 \SystemRoot\system32\drivers\ndis.sys
0x82FA5000 \SystemRoot\system32\drivers\msrpc.sys
0x8800F000 \SystemRoot\system32\drivers\NETIO.SYS
0x88049000 \SystemRoot\System32\drivers\tcpip.sys
0x88132000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88317000 \SystemRoot\system32\drivers\volsnap.sys
0x88350000 \SystemRoot\System32\Drivers\spldr.sys
0x88358000 \SystemRoot\System32\Drivers\mup.sys
0x88367000 \SystemRoot\System32\drivers\ecache.sys
0x8838E000 \SystemRoot\system32\drivers\disk.sys
0x8839F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x883C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x883EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8814D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88200000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C007000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8815C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C5ED000 \SystemRoot\System32\drivers\watchdog.sys
0x88000000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C802000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C840000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C84F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C861000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8CA0C000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8CC34000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CC44000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CC52000 \SystemRoot\system32\drivers\ti21sony.sys
0x8CD1E000 \SystemRoot\System32\Drivers\SonyNC.sys
0x8CD25000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CD38000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CD43000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8CD6C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CD77000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CD8F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CD92000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8CDB1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C8A0000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CDDF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C8E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CDEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C8F8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C91B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C92A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C93E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C953000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CDF5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C963000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C98D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C9C8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F408000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F43C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F44D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x82FD0000 \SystemRoot\system32\drivers\portcls.sys
0x8C9D5000 \SystemRoot\system32\drivers\drmk.sys
0x8F606000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F643000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F746000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F804000 \SystemRoot\system32\drivers\modem.sys
0x8F811000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F81A000 \SystemRoot\System32\Drivers\Null.SYS
0x8F821000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F831000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F838000 \SystemRoot\System32\drivers\vga.sys
0x8F844000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F865000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F86D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F875000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F880000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F88E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F897000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F8AD000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8F8DB000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8F900000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F914000 \SystemRoot\system32\drivers\afd.sys
0x8F95C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F98E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F9A4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F9B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F9C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F9CB000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x90006000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9006F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x900AB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x900B5000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100224.001\IDSvix86.sys
0x900FF000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9015D000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9017A000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x9017B000 \SystemRoot\System32\Drivers\dfsc.sys
0x90192000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x901A3000 \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
0x901A5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x901B2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x901BD000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98E20000 \SystemRoot\System32\win32k.sys
0x901C7000 \SystemRoot\System32\drivers\Dxapi.sys
0x901D1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99040000 \SystemRoot\System32\TSDDD.dll
0x99060000 \SystemRoot\System32\cdd.dll
0x901E0000 \SystemRoot\system32\drivers\luafv.sys
0xAC40D000 \SystemRoot\system32\drivers\spsys.sys
0xAC4BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAC4CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAC4F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC500000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAC513000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xAC519000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xAC51B000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0xAC526000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xAC548000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xAC551000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAC567000 \SystemRoot\system32\drivers\HTTP.sys
0xAC5D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8F9DD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x883C9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAD80C000 \SystemRoot\system32\drivers\mrxdav.sys
0xAD82C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD84B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD884000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD89C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD8C4000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD92B000 \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
0xAD93F000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xAD9CF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAEE0A000 \SystemRoot\system32\drivers\peauth.sys
0xAEEE8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAEEF2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAEEFE000 \SystemRoot\system32\DRIVERS\v2imount.sys
0xAEF06000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAEF1B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAEF2D000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAEF49000 \??\C:\Users\***\AppData\Local\Temp\fglorpog.sys
0x77170000 \Windows\System32\ntdll.dll

Processes (total 76):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
588 csrss.exe
632 C:\Windows\System32\wininit.exe
640 csrss.exe
680 C:\Windows\System32\winlogon.exe
712 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1272 C:\Windows\System32\SLsvc.exe
1308 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1632 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1840 C:\Windows\System32\spoolsv.exe
1864 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
1876 C:\Windows\System32\svchost.exe
196 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
308 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1456 C:\Program Files\Sony\Network Utility\NSUService.exe
268 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\svchost.exe
2160 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2212 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2316 C:\Windows\System32\svchost.exe
2348 C:\Windows\System32\SearchIndexer.exe
2412 C:\Windows\System32\drivers\XAudio.exe
2472 WUDFHost.exe
2500 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2548 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
2612 igfxext.exe
2644 igfxsrvc.exe
2768 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
3000 igfxext.exe
3024 igfxsrvc.exe
3148 C:\Windows\System32\taskeng.exe
3196 C:\Windows\System32\dwm.exe
3276 C:\Windows\System32\taskeng.exe
3304 C:\Windows\explorer.exe
3472 C:\Windows\System32\taskeng.exe
3504 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
3512 C:\Windows\System32\hkcmd.exe
3524 C:\Windows\System32\igfxpers.exe
3540 C:\Windows\System32\igfxsrvc.exe
3580 C:\Program Files\Apoint\Apoint.exe
3596 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
3628 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3640 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
3752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3924 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
4048 C:\Program Files\Sony\Network Utility\LANUtil.exe
4068 C:\Windows\ehome\ehtray.exe
2436 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
784 C:\Program Files\Windows Media Player\wmpnscfg.exe
1652 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1208 C:\Program Files\Windows Media Player\wmpnetwk.exe
3796 C:\Windows\ehome\ehmsas.exe
4912 C:\Program Files\Apoint\ApMsgFwd.exe
5400 C:\Program Files\Apoint\ApntEx.exe
5464 C:\Windows\System32\conime.exe
5824 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1232 C:\Windows\System32\SearchProtocolHost.exe
5492 C:\Windows\System32\wuauclt.exe
5696 C:\Windows\System32\mobsync.exe
3976 C:\Users\***\Desktop\osam_autorun_manager_5_0_portable\osam.exe
4980 C:\Windows\System32\notepad.exe
3068 C:\Program Files\Mozilla Firefox\firefox.exe
4324 C:\Windows\System32\SearchFilterHost.exe
5456 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`cf300000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK022A

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Yaaaaaaeehhh ! :singsing:

Schonmal vielen vielen VIELEN Dank für deine schnelle und freundliche Hilfe!

SASW hat nichts gefunden, Malwarebytes lass ich gleich noch drüber laufen.

Nochmals :dankeschoen:

SASW Log:

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/06/2011 at 01:56 AM

Application Version : 4.51.1000

Core Rules Database Version : 6996
Trace Rules Database Version: 4808

Scan type : Complete Scan
Total Scan Time : 05:27:45

Memory items scanned : 782
Memory threats detected : 0
Registry items scanned : 9474
Registry threats detected : 0
File items scanned : 453962
File threats detected : 0