|
Log-Analyse und Auswertung: Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.05.2010, 12:34 | #1 |
| Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert? Hallo, im Nachhinein habe ich festgestellt, dass die Datei dhm.scr, die ich mit Rechtsklick - "Testen" - ausgeführt habe, Bifrose / Bifrost enthalten könnte. Norton SONAR hat zwar die Ausführung mit der Meldung "Verdächtige Aktivität" gestoppt und die Datei gelöscht, ich weiss aber nicht, ob doch eine Infektion passiert ist. Mein Rechner zeigt erst mal kein verdächtiges Verhalten, meine Frage: Welche Anzeichen würde mein Rechner zeigen, wenn er infiziert wäre? Hier auf alle Fälle mal das Hijack-Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:19:57, on 23.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Apoint\Apoint.exe C:\Windows\System32\rundll32.exe C:\Windows\Philips\SPC230NC\Monitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\user\Documents\RST-root\2-Operations\Software\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Qbyrd Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll O3 - Toolbar: Qbyrd Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [DRCU] "C:\Program Files\Sony\DRCU\DRCU.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Genie 4\pdfshell.dll O9 - Extra 'Tools' menuitem: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Genie 4\pdfshell.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - h**p://download.sopcast.cn/download/SOPCORE.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: 4G USB-Plug Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (h**p) (VAIOMediaPlatform-IntegratedServer-h**p) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (h**p) (VAIOMediaPlatform-UCLS-h**p) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing) O23 - Service: soft Xpansion Print2Document (WPEServ) - soft Xpansion - C:\Program Files\Common Files\WPE\wpeserv.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe O23 - Service: WTGService - Unknown owner - C:\Program Files\XSManager\wtgservice.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14661 bytes |
23.05.2010, 22:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert? Hallo und
__________________bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
24.05.2010, 10:46 | #3 |
| Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert? Malwarebytes' Anti-Malware 1.46
__________________Malwarebytes Datenbank Version: 4134 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 24.05.2010 11:37:08 mbam-log-2010-05-24 (11-37-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 383772 Laufzeit: 2 Stunde(n), 31 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\irgendwo in einem Dateiarchiv\***\keygen.exe (RiskWare.Tool.CK) -> No action taken. C:\irgendwo in einem Dateiarchiv\***\Keygen.exe (RiskWare.Tool.CK) -> No action taken. Die beiden gemeldeten Dateien wurden nicht auf diesem Rechner geöffnet, sie liegen in einem alten Archiv c:\user\documente\archive\... und werden auch von Norton, Webroot etc. als clean eingestuft. Die waren auch schon vor dem vermeintlichen Befall mit Bifrose/Bitfrost da. |
24.05.2010, 10:57 | #4 |
| Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert?Code:
ATTFilter OTL logfile created on: 24.05.2010 11:49:04 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\user\Documents\RST-root\2-Operations\Software Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 158,70 Gb Total Space | 67,80 Gb Free Space | 42,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SONY-VAIO-SZ71M Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\user\Documents\RST-root\2-Operations\Software\OTL.exe (OldTimer Tools) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\XSManager\WTGService.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Netdrive\ndsvc.exe (SolutionBox) PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Common Files\WPE\wpeserv.exe (soft Xpansion) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\user\Documents\RST-root\2-Operations\Software\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation) MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation) MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation) MOD - C:\Windows\System32\msi.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation) MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WDFNet) -- File not found SRV - (SeaPort) -- File not found SRV - (gusvc) -- File not found SRV - (CLTNetCnService) -- File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation) SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe () SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (ndsvc) -- C:\Program Files\Netdrive\ndsvc.exe (SolutionBox) SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (WPEServ) -- C:\Programme\Common Files\WPE\wpeserv.exe (soft Xpansion) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (4G USB-Plug Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-h**p) VAIO Media Content Collection (h**p) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-h**p) VAIO Media Integrated Server (h**p) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_h**pd.exe (Sony Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100522.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100522.003\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\system32\DRIVERS\tdrpm258.sys (Acronis) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSvix86.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (ndfs) -- C:\Programme\Netdrive\ndfs.sys (SolutionBox) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation) DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HPFXFAX) -- C:\Windows\System32\drivers\hpfxfax.sys (Hewlett Packard) DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (UPATC) -- C:\Windows\System32\drivers\upatc.sys (SCM Microsystems Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009.11.15 13:17:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.01 13:25:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.02.24 19:30:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\components [2010.05.01 13:32:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\plugins [2010.05.11 19:12:53 | 000,000,000 | ---D | M] [2010.01.16 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2010.05.13 12:39:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions [2010.01.16 11:56:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.24 13:40:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ihnixyl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} O1 HOSTS File: ([2010.02.23 20:43:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [DRCU] C:\Program Files\Sony\DRCU\DRCU.exe (Sony Corporation) O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\Windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 4\pdfshell.dll (soft Xpansion) O9 - Extra 'Tools' menuitem : An PDF Genie 4 senden - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 4\pdfshell.dll (soft Xpansion) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: trustcenter.de ([www] h**ps in Vertrauenswürdige Sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} h**p://download.sopcast.cn/download/SOPCORE.CAB (SopCore Control) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O30 - LSA: Authentication Packages - (ft Co) - File not found O30 - LSA: Security Packages - (X2嘀㬪蘁 獭ㅶた搮汬) - File not found O30 - LSA: Security Packages - (>뻯㭙娵㭙娵&) - File not found O30 - LSA: Security Packages - (껄) - File not found O30 - LSA: Security Packages - () - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{022865df-1c05-11df-abac-001e3d3aec96}\Shell - "" = AutoRun O33 - MountPoints2\{022865df-1c05-11df-abac-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{067049e1-1a72-11df-b2b8-001e3d3aec96}\Shell - "" = AutoRun O33 - MountPoints2\{067049e1-1a72-11df-b2b8-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{067049f8-1a72-11df-b2b8-001e3d3aec96}\Shell - "" = AutoRun O33 - MountPoints2\{067049f8-1a72-11df-b2b8-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{455d0e56-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun O33 - MountPoints2\{455d0e56-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{455d0e9b-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun O33 - MountPoints2\{455d0e9b-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{455d0f4c-a4cd-11dd-a877-001a805b6367}\Shell - "" = AutoRun O33 - MountPoints2\{455d0f4c-a4cd-11dd-a877-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{9821c3f3-f420-11dc-b142-001e3d3aec96}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found O33 - MountPoints2\{b28a9cce-6fea-11de-9ccf-001a805b6367}\Shell - "" = AutoRun O33 - MountPoints2\{b28a9cce-6fea-11de-9ccf-001a805b6367}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{b8287cb8-1b3d-11df-a294-001e3d3aec96}\Shell - "" = AutoRun O33 - MountPoints2\{b8287cb8-1b3d-11df-a294-001e3d3aec96}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cbc33751-102c-11dd-ac1e-001a805b6367}\Shell - "" = AutoRun O33 - MountPoints2\{cbc33751-102c-11dd-ac1e-001a805b6367}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{b7a07dcb-f41f-11dc-83cc-806e6f6e6963}\bootwiz\asrm.bin) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.21 18:39:35 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.21 18:39:33 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.21 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2010.05.21 18:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.21 18:25:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.21 18:25:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.21 18:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.21 18:01:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.11 19:12:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.05.11 19:12:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.05.11 19:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.05.11 19:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.05.08 12:15:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.05.08 12:15:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.01 19:16:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.05.01 19:16:33 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.05.01 19:11:48 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.05.01 18:37:41 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.24 11:51:02 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.24 11:51:02 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.24 11:50:17 | 005,505,024 | ---- | M] () -- C:\Users\user\ntuser.dat [2010.05.23 20:01:33 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E80.LCS [2010.05.23 14:52:53 | 000,020,446 | ---- | M] () -- C:\Users\user\AppData\Roaming\mainhst.zgh [2010.05.23 13:51:08 | 000,131,879 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.001 [2010.05.23 13:50:43 | 000,004,381 | ---- | M] () -- C:\Windows\win.ini [2010.05.23 13:50:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.23 13:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.23 13:50:22 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2010.05.23 13:48:52 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.05.23 13:48:34 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{71d2cd40-b470-11dd-8797-001a805b6367}.TMContainer00000000000000000001.regtrans-ms [2010.05.23 13:48:34 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{71d2cd40-b470-11dd-8797-001a805b6367}.TM.blf [2010.05.23 13:48:24 | 003,476,739 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2010.05.21 18:25:31 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.21 18:07:18 | 000,035,274 | ---- | M] () -- C:\Users\user\Documents\cc_20100521_180706.reg [2010.05.21 18:01:30 | 000,001,670 | ---- | M] () -- C:\Users\user\Desktop\CCleaner.lnk [2010.05.20 17:39:13 | 001,573,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.20 17:39:13 | 000,678,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.20 17:39:13 | 000,636,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.20 17:39:13 | 000,147,018 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.20 17:39:13 | 000,119,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.14 12:49:06 | 000,455,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.11 00:25:15 | 000,304,160 | ---- | M] () -- C:\SPC230NC.DAT [2010.05.08 12:15:41 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.05.08 12:15:40 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.05.01 19:17:31 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.05.01 18:37:47 | 000,001,020 | ---- | M] () -- C:\Users\user\Desktop\FrostWire 4.20.6.lnk [2010.05.01 18:17:52 | 000,000,752 | ---- | M] () -- C:\Users\user\Desktop\µTorrent.lnk [2010.05.01 14:27:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.21 18:25:30 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.21 18:07:09 | 000,035,274 | ---- | C] () -- C:\Users\user\Documents\cc_20100521_180706.reg [2010.05.21 18:01:30 | 000,001,670 | ---- | C] () -- C:\Users\user\Desktop\CCleaner.lnk [2010.05.01 19:17:31 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.05.01 18:37:46 | 000,001,020 | ---- | C] () -- C:\Users\user\Desktop\FrostWire 4.20.6.lnk [2010.05.01 18:17:51 | 000,000,752 | ---- | C] () -- C:\Users\user\Desktop\µTorrent.lnk [2010.02.25 21:44:11 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI [2009.09.27 13:40:02 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2009.09.13 12:23:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.04 00:50:10 | 000,000,137 | ---- | C] () -- C:\Windows\oports.INI [2009.08.22 15:10:11 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll [2009.06.01 12:27:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.13 00:37:15 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2008.12.06 20:15:14 | 003,086,336 | ---- | C] () -- C:\Windows\System32\NCMedia.dll [2008.12.06 20:15:14 | 003,086,336 | ---- | C] () -- C:\Windows\System32\flvvideo.dll [2008.12.06 20:15:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.06 20:15:14 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2008.12.06 20:00:43 | 007,277,568 | ---- | C] () -- C:\Windows\System32\iPodmedia.dll [2008.11.22 20:15:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.08.15 19:40:59 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll [2008.08.15 19:40:57 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll [2008.04.06 11:31:37 | 000,000,221 | ---- | C] () -- C:\Windows\wpd99.drv [2008.04.03 18:48:55 | 000,118,784 | ---- | C] () -- C:\Windows\System32\pdfmona.dll [2008.04.03 18:48:55 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2008.03.21 19:45:06 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2008.03.21 19:45:06 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2008.03.21 19:45:06 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2008.03.21 19:45:06 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2008.03.21 19:45:06 | 000,182,784 | ---- | C] () -- C:\Windows\System32\DGVorbis.dll [2008.03.21 19:45:06 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.03.21 19:45:06 | 000,118,784 | ---- | C] () -- C:\Windows\System32\MP3DEE.DLL [2008.03.21 19:45:06 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll [2008.03.21 19:45:05 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kwab.dll [2008.03.19 17:50:13 | 001,482,240 | ---- | C] () -- C:\Windows\System32\PDFCtrl.dll [2008.03.19 17:50:12 | 001,607,680 | ---- | C] () -- C:\Windows\System32\iPostCtl.dll [2008.03.19 17:50:11 | 001,860,096 | ---- | C] () -- C:\Windows\System32\iFaxCtrl.dll [2008.03.17 22:59:57 | 000,000,494 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.02 05:26:55 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008.02.02 05:15:50 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2008.01.09 11:08:32 | 000,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.10.30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.02.10 20:42:42 | 000,000,182 | ---- | C] () -- C:\Windows\Comcenter.ini [2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI [2000.02.24 05:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\System32\ODBCMON.DLL < End of report > |
24.05.2010, 11:00 | #5 |
| Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert?Code:
ATTFilter OTL Extras logfile created on: 24.05.2010 11:49:04 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\user\Documents\RST-root\2-Operations\Software Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 158,70 Gb Total Space | 67,80 Gb Free Space | 42,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SONY-VAIO-SZ71M Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\user\Portable Ralf\PortableApps\FirefoxPortable\App\firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UacDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "FirstRunDisabled" = 0 "UacDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-655030806-4062572646-3381737835-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09335B0C-8DFA-468C-ABF0-9A4E7949BC86}" = lport=139 | protocol=6 | dir=in | app=system | "{15100C31-53AE-4B75-9345-CF81D8D07716}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{2752F847-277C-4286-B067-5EDB2549A92F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2BC725ED-A0DD-4E4C-8706-E96D9752A33A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{427B7C73-53A9-4101-AC53-44A2B70799AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{51BE50AC-B1B1-407C-B743-E545A7B46A2F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{525265AC-0C92-4FA3-A34A-338958F1889A}" = rport=445 | protocol=6 | dir=out | app=system | "{5508461D-453D-4500-979D-A4B401132C23}" = rport=137 | protocol=17 | dir=out | app=system | "{62F6F0EE-6F35-4464-8251-98AB3F85EBB2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6A4AA0BE-715D-42AA-A82B-DA786AD178E0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6BB0B237-28C1-4140-90E2-6307FD843BEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6F6751C2-BE17-472C-8DB4-D1124E74861D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{7704851E-AE15-4591-B120-565D9F9CB092}" = lport=445 | protocol=6 | dir=in | app=system | "{8CAF8EBE-4776-4DA9-B71E-771A507ACDEB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8CBBA483-1DD5-4AF2-BF4A-A520D093AD01}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8E6BEC12-20B3-4B2A-87F4-1D9B53666B00}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A3287862-2F43-4365-98D8-34F3669EEBF3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{A3F35279-570A-4BA8-97E1-C83D9E85647E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{A950FD6F-FF2C-4583-9408-3BC391E5D171}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AB6B5687-8C61-437C-A415-4956A68E8250}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC07CF9B-1EB9-4143-8A53-274403F5D967}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AF96E1E2-F312-4ABA-8BF1-2600BB7B2172}" = rport=138 | protocol=17 | dir=out | app=system | "{BB5833AA-A754-44A9-B365-DC6DF05EEE3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CD36592B-FCBB-41AE-971F-66A912274DE6}" = rport=139 | protocol=6 | dir=out | app=system | "{D27F6559-92BC-4B28-AD5B-69D400FBD77D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E6F41E3B-6120-44CC-9494-1D0BCF4B8028}" = lport=137 | protocol=17 | dir=in | app=system | "{F1981185-0D8C-4917-B6D1-30FB1046E355}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F24BEAFF-DD30-433F-89B0-F66DF169BF6C}" = lport=138 | protocol=17 | dir=in | app=system | "{F9B6F402-8463-4B7D-A667-0409CA464024}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FAB8BC49-6C15-4323-8DAE-ADB485B9475E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001903F2-ABDF-4BDE-809A-35B277A5685D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{03A04389-7C3E-46A7-A3BE-69BE35FCC1BE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{09AAA4C5-57DB-4F5C-8DA8-8E20C6EE88A1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{1632056A-CC75-4B50-9861-53422F8952A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{16529536-9428-4247-9076-09304A5FC66A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2070A4E0-8707-4145-9CF1-117F6C29F75F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2A7E8E2A-757B-4E3C-A391-AB2DCF374DF7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2AF71FC3-0CED-424F-8986-63BD081A1F3B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{30B342A3-48F3-4310-9044-6792741ACE1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3E549F01-4279-450D-92E1-8030ED4773FA}" = protocol=6 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe | "{3E780494-4195-4154-8A42-1BF9D7DD3CD3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{47F8D613-F860-418D-A334-9882C7AF61B5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{4E0B56AE-EF3D-448F-9481-30456CC3DFC8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{5833AC00-89C2-483F-9501-81A989E8B847}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe | "{5CAA651A-7E29-4DAA-BDE5-8AD86BB3D45B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{6AD90132-36CD-4AE8-AB18-154AE56E43D7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6E3EC88B-F909-41A9-857B-1A0E18BB0C75}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6E50FFD0-E910-42D9-8239-CAA32845FF37}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{718C0C5A-9CE3-4B1C-8E71-99EA1A6634C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7225CE02-771E-4A78-AA88-BBDA6BD1717F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{7B32A2F3-2DF8-46DC-A1FC-39BC07187C6B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7C57A760-04AF-4942-9887-EF59EC197DCD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{855F8046-3908-4D92-B70F-1FB9FEA1D41B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{86C3A258-CC68-487B-AD65-83FA9E37D6F8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{87DF37EE-7B4A-42A6-9CC1-827F54075D32}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{87EB7C91-30B7-49AA-82E5-B2FC6300F6EB}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{977C4423-A59C-4616-9F02-1E3580A7B60C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{97970F1F-0E23-43D5-9DEA-97BF7712CE33}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{98B20838-61B5-4C56-8D2B-5E2952759C9B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{9E600CCF-9E00-446B-A79F-3BFAEDD48A26}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{A09021D3-6D19-4A1D-A153-E79B7623B6B7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{A3C65399-905C-48F8-AFBC-4B24FB849CB7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{A7C51AD6-32AF-41AF-8384-C2C7F43C9AF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ACCAC950-C3D7-47E2-8771-F374CB04B3A0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BE9F17E5-54B8-4758-94CE-2E342A627950}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe | "{C2F3A8C9-01F0-441E-B809-41FB9593D7FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CC9DE5AC-3B6D-40DB-9F55-6D749ABAFC55}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CDDC9ECA-AEEA-4503-9A79-1E255B14D4A4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D5B1C37B-EDDE-4940-BB5B-DD567A3EE34A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D5EBF0BC-FD06-4DC8-B16B-2CC26E711403}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D88775FA-5B02-495B-AB37-DE589612DE61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DB14FD30-A8F8-4039-962C-9976EDF8AE09}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{DC6B88E4-B9C8-4C07-9A27-38438D5B58F0}" = protocol=17 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe | "{DC91F975-C1BA-4644-A1DD-6842AC3CAB02}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DCFAC61E-BD86-455D-8F43-4FF820596BA2}" = dir=in | app=c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe | "{E6AE1690-E1B7-44CB-86B0-57D8F75021ED}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E6DADCCE-08DC-4512-884B-526F1769A258}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{ECF1A494-453F-4F46-9C5F-35A9C33D563D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F05994C2-6CA5-4D06-9E7F-1901E41CACB5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F8037FE6-5B09-49B0-B35D-BCEF9C3D640F}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{F851AB4B-C1B7-43BA-B297-04AEA8959139}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FFAF6477-8285-4999-BEEF-121F06F993B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0 "{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1 "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel "{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1B2626EF-067B-4A9B-9104-85BA8B43CA09}" = SafeGuard® PrivateCrypto 2.11.1 - Unlicensed Version "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24E2F70D-B287-407D-9B5C-9D8B4C388D1A}" = hppPQVideoCM1312 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20 "{282E3F81-CC37-44AF-8156-C35104D21033}" = Nero 7 Essentials "{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2C2943D2-61CB-4F91-A3DA-A50FA1E93F54}" = bcWebCam "{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 "{2E6567D5-BCDA-4A7B-855F-687480D0835C}" = Gantt Designer "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312 "{3344F175-63B2-4435-8757-16613315E61C}" = Netdrive "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312 "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6970AAC9-A97B-4F89-A887-2F0636791E10}" = VAIO Status Monitor "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility "{6DD822CC-4CDD-4949-9000-CE62C3B22B26}" = hppSendFaxCM1312 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FAF7261-8F5F-411B-9FD1-93CBCF701DAD}" = hpzTLBXFX "{70294646-CF46-4223-A2F4-EDC6A8420B2A}" = hppFaxUtilityCM1312 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.0 "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{92E2CA49-B6B9-4FE2-A39B-F6EA18AC5405}_is1" = Auslogics Task Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9930D47E-BF88-4EED-9531-CC9EDAE1E448}" = hppscanCM1312 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1EA13D0-40C6-4DFC-98D6-6A8AB501DA63}" = hppCLJCM1312 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C793675F-0692-4969-A9D4-C191EFBF5518}" = hppScanToCM1312 "{C88386DE-0D91-4738-9ABD-A991D118A191}" = HiNetRecorder "{C915F8C1-A885-4289-B1B0-D2E56F1B15C8}_is1" = FlowHeater® 1.1.3 "{CCA3335D-2BA0-4C31-8A90-D6B50CDE452F}" = WISO Mein Geld 2010 Professional "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{D9AE5B83-86A9-4D59-9F62-104A884BDAAC}" = hppFaxDrvCM1312 "{DD074614-2EF5-4F41-9073-2769191C0CA0}" = EASY Office "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150) "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF30AD3D-50DE-4C6B-9435-56C22A99F9FA}" = hppTLBXFXCM1312 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug "{F412B21E-9FEF-4FFC-ABFC-9DC9C5A69A1B}" = hppManualsCM1312 "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FB1DADB7-462D-4163-B803-23EB846F3D8A}" = AbelCam "{FB557C20-AF8C-471E-AB56-0EBE5ECD007C}" = MySQL Workbench 5.1 OSS "{FF29ABB2-357B-4A0F-8CD2-ADBFF0BCFB3E}" = YearPlanner "{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Amaya" = Amaya "CCleaner" = CCleaner "Clickster16341" = Clickster "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "CONVERT_is1" = CONVERT "CSVed_is1" = CSVed 1.4.8b "Directory Compare_is1" = Directory Compare "DiskAid_is1" = DiskAid 3.11 "dt icon module" = "Effective-Planner_is1" = Effective-Planner v1.3.0.14 "ElsterFormular ***unknown variable buildnummer***" = ElsterFormular "FastStone Capture" = FastStone Capture 5.3 "FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32) "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "FinePrint" = FinePrint "Free Download Manager_is1" = Free Download Manager 2.5 "Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter "Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter "Freez iPod Video Converter 1.5_is1" = Freez iPod Video Converter "Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2 "FrostWire" = FrostWire 4.20.6 "FSC External Modem Driver_is1" = FSC External Modem 2.0.1 "GMX SMS-Manager" = GMX SMS-Manager "gtfirstboot Setting Request" = "HDBPPCStd_is1" = HanDBase® for Pocket PC/Windows Mobile v3.5 "HP Document Manager" = HP Document Manager 1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "IE PassView" = IE PassView "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "ipnetinfo" = ipnetinfo "IrfanView" = IrfanView (remove only) "LiveEditor_is1" = LiveEditor 2.0.4 "Macro Mania_is1" = Macro Mania v12.5.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarketingTools" = Vaio Marketing Tools "MessageGroups 1.0" = MessageGroups 1.0 "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Money2005b" = Microsoft Money 2005 "Moo0 SystemMonitor" = Moo0 SystemMonitor 1.38 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mp3 Audio Editor" = Mp3 Audio Editor "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "Open Ports Scanner_is1" = Open Ports Scanner 2.4 "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "Orbit_is1" = Orbit Downloader "PapierZuPDF" = PapierZuPDF "PDF Genie 4_is1" = DATA BECKER PDF Genie 4 "Pdf995" = Pdf995 "PdfEdit995" = PdfEdit995 "pdfFactory Pro" = pdfFactory Pro "Philips Intelligent Agent_is1" = Philips Intelligent Agent "Picasa2" = Picasa 2 "ProInst" = Intel(R) PROSet/Wireless Software "ProMa5_FREE" = ProMa FREEWARE "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PTS Waterfall Charter_is1" = PTS Waterfall Charter 1.11 "Q1" = QTime GmbH Q1 "RedBox_is1" = RedBox 7.0 "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "Run BASIC v1.01 Free Edition" = Run BASIC v1.01 Free Edition "s25atonce_is1" = s25atonce 3.6.8 "Security Task Manager" = Security Task Manager 1.7f "Shop for HP Supplies" = Shop for HP Supplies "Siemens DCA-140/540 USB Treiber_is1" = Siemens DCA-140/540 USB Treiber 1.0.7 "Signature995" = Signature995 "SopCast" = SopCast 2.0.4 "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamViewer 5" = TeamViewer 5 "Total Organizer_is1" = Total Organizer "TuneUp Utilities" = TuneUp Utilities "URLSnooper 2_is1" = URL Snooper v2.23.01 "VAIO Help and Support" = "VAIO_My Club VAIO" = My Club VAIO "VAIO_Photoshop" = "VAIO_Standard" = "Web Page Maker_is1" = Web Page Maker V3.12 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1 beta5 "WISO Mein Geld 2010 Professional" = WISO Mein Geld 2010 Professional "WYSIWYG_Web_Builder_5" = WYSIWYG Web Builder 5.0 "XSManager" = XSManager "Yahoo! Messenger" = Yahoo! Messenger "yEd Graph Editor 3.4.0.2" = yEd Graph Editor 3.4.0.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "H2" = H2 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
24.05.2010, 12:14 | #6 |
| Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert? Und für alle Fälle das Ergebnis von Virus Total für die von Malwarescan gemeldeten Files: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.05.10 Win32.SuspectCrc!IK AhnLab-V3 2010.05.23.00 2010.05.22 - AntiVir 8.2.1.242 2010.05.23 - Antiy-AVL 2.0.3.7 2010.05.24 - Authentium 5.2.0.5 2010.05.23 - Avast 4.8.1351.0 2010.05.23 - Avast5 5.0.332.0 2010.05.23 - AVG 9.0.0.787 2010.05.23 - BitDefender 7.2 2010.05.24 - CAT-QuickHeal 10.00 2010.05.24 - ClamAV 0.96.0.3-git 2010.05.22 - Comodo 4930 2010.05.24 - DrWeb 5.0.2.03300 2010.05.24 - eSafe 7.0.17.0 2010.05.23 - eTrust-Vet 35.2.7506 2010.05.24 - F-Prot 4.6.0.103 2010.05.23 - F-Secure 9.0.15370.0 2010.05.24 - Fortinet 4.1.133.0 2010.05.23 - GData 21 2010.05.24 - Ikarus T3.1.1.84.0 2010.05.24 Win32.SuspectCrc Jiangmin 13.0.900 2010.05.22 - Kaspersky 7.0.0.125 2010.05.24 - McAfee 5.400.0.1158 2010.05.24 - McAfee-GW-Edition 2010.1 2010.05.23 - Microsoft 1.5802 2010.05.24 - NOD32 5139 2010.05.23 - Norman 6.04.12 2010.05.23 - nProtect 2010-05-23.01 2010.05.23 - Panda 10.0.2.7 2010.05.23 Generic Malware PCTools 7.0.3.5 2010.05.24 - Prevx 3.0 2010.05.24 - Rising 22.49.00.03 2010.05.24 - Sophos 4.53.0 2010.05.24 - Sunbelt 6346 2010.05.24 - Symantec 20101.1.0.89 2010.05.24 - TheHacker 6.5.2.0.286 2010.05.24 - TrendMicro 9.120.0.1004 2010.05.24 CRCK_FPRINT.A TrendMicro-HouseCall 9.120.0.1004 2010.05.24 CRCK_FPRINT.A VBA32 3.12.12.5 2010.05.22 - ViRobot 2010.5.20.2326 2010.05.24 - VirusBuster 5.0.27.0 2010.05.23 - weitere Informationen File size: 64000 bytes MD5...: fad32224a5cd23ecf23e6e135bfd2228 SHA1..: a00e8313ef227c545b66a3631a88d89516c7c3bf SHA256: 4ec2a023dcac06eb9e491919a25f283abd8f29f69f3f547588df617fdeed93ae ssdeep: 1536:H1yTfeQpqZgEYklWga+shtEO8WXWLlq1++VZ:VyjdpggEjWgHEeO8Ww3+VZ PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x33e40 timedatestamp.....: 0x44d4ceac (Sat Aug 05 17:00:28 2006) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x24000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x25000 0xf000 0xf000 7.92 199d65c066fa70419b733a3805e2a6a3 .rsrc 0x34000 0x1000 0x600 1.91 e44c66aa8f1cad7dbf167a4a32323421 ( 3 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess > GDI32.dll: CreateSolidBrush > USER32.dll: EndDialog ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda's Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned packers (Kaspersky): UPX packers (F-Prot): UPX |
24.05.2010, 14:19 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert?Zitat:
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Datei dhm.scr mit Bifrose / Bifrost geöffnet - ist mein PC infiziert? |
adobe, ask.com, becker, bho, bifrose, bifrost, bonjour, browser, datei gelöscht, desktop, downloader, error, excel, explorer, frage, free download, google, hijackthis, hkus\s-1-5-18, infiziert?, internet, internet explorer, intrusion prevention, pc infiziert, photoshop, picasa, plug-in, registry, rundll, scr file, security, server, software, symantec, system, vista, webroot, windows |