| Pests of all kinds and how to combat them: Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe (Windows 7) |
25.11.2011, 22:38 | #1 |
| Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe Hello dear Trojaner-Board community, I recently noticed that my system performance had risen sharply, and in Task Manager I saw that the file csrss.exe (size: 444 KB) is responsible for it. While researching on Google I found out that this file is normally only allowed to exist in the Windows system folder; otherwise it is very probably a trojan. The file also tries to connect to the Internet, but I have already blocked that with my firewall. When the file is deleted, it is simply restored together with its folder. My antivirus program does not raise an alarm, and other security programs do not detect this program. Can anyone help me with this problem? I am not an expert when it comes to viruses. Everything I have known and found so far in terms of information, I looked up on Google. Thanks in advance for the help. Kind regards, Chesspower88 P.S. Is it allowed to upload this file as an attachment for analysis? |
26.11.2011, 05:46 | #2 |
| Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe The trojan is very aggressive; most recently it hid my system firewall so that it could talk to the Internet unhindered. Reinstalling the firewall was prevented, and with a different version of the same firewall there was a bluescreen.
After the bluescreen I booted into Windows safe mode and removed the folder that kept reinstalling itself. On the following restart the program was no longer executed, and the autostart entries were inactive and could be deleted. I am not sure now whether that was already everything. The trojan was extremely aggressive, and I am somewhat afraid that this program is still running on my system and that this was only a subprogram initialized by the actual trojan. |
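The location rule from the first post and the autostart entries from the second can be checked mechanically over an OTL log. The following is an added example, not part of the thread and not OTL's own code: the sample lines are constructed in OTL's log format, and the name list and function names are assumptions of this example.

```python
import ntpath
import re

# System process names whose only legitimate image lives in %SystemRoot%\System32.
# OTL prints the native 64-bit System32 directory as "SysNative".
PROTECTED_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "wininit.exe"}
ALLOWED_SUBDIRS = {"system32", "sysnative"}

# First drive-letter path ending in .exe on a log line.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.exe\b", re.IGNORECASE)
# Registry autostart location used by the O6/O7 entries.
POLICY_RUN_RE = re.compile(r"\\policies\\Explorer\\Run:", re.IGNORECASE)


def is_masquerading(path, system_root=r"C:\Windows"):
    """True if the file carries a protected system name but sits elsewhere."""
    name = ntpath.basename(path).lower()
    if name not in PROTECTED_NAMES:
        return False
    # normpath resolves "..", normcase folds case and slash direction.
    parent = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    allowed = {ntpath.normcase(ntpath.join(system_root, d))
               for d in ALLOWED_SUBDIRS}
    return parent not in allowed


def scan_otl_lines(lines, system_root=r"C:\Windows"):
    """Return one finding per log line that needs manual review."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        reasons = []
        if is_masquerading(path, system_root):
            reasons.append("system process name outside System32")
        if POLICY_RUN_RE.search(line):
            reasons.append("autostart via policies\\Explorer\\Run")
        if reasons:
            findings.append({"line": lineno, "path": path, "reasons": reasons})
    return findings


# Constructed sample lines in OTL format (not copied from a real scan).
SAMPLE_LOG = [
    r"PRC - C:\Program Files (x86)\Example\updater.exe (Example Corp.)",
    r"PRC - C:\Windows\SysNative\csrss.exe (Microsoft Corporation)",
    r"PRC - C:\Program Files (x86)\Microsoft\csrss.exe ()",
    r"O4 - HKLM..\Run: [Updater] C:\Program Files (x86)\Example\updater.exe (Example Corp.)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe",
]

if __name__ == "__main__":
    for finding in scan_otl_lines(SAMPLE_LOG):
        print(finding["line"], finding["path"], "; ".join(finding["reasons"]))
```

A hit only marks a line for manual review; an empty result does not show that the system is clean.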
26.11.2011, 12:26 | #3 |
/// Malware-holic | Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe Please download OTL by OldTimer and save it to your desktop (if it is not already there) |
27.11.2011, 11:25 | #4 |
| Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe OTL logfile: Code:
ATTFilter OTL logfile created on: 27.11.2011 11:39:28 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gerd\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,10% Memory free 9,72 Gb Paging File | 7,66 Gb Available in Paging File | 78,85% Paging File free Paging file location(s): c:\pagefile.sys 6000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,63 Gb Total Space | 200,39 Gb Free Space | 44,08% Space Free | Partition Type: NTFS Drive J: | 7,45 Gb Total Space | 0,77 Gb Free Space | 10,32% Space Free | Partition Type: FAT32 Computer Name: CHESSPOWER-VAIO | User Name: Gerd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Users\Gerd\Logox für alle Anwendungen\Logox. für alles.exe () PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - c:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avformat-53.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\avcodec-53.dll () MOD - C:\Users\Gerd\Logox für alle Anwendungen\Logox. 
für alles.exe () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Win32 Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (bcfsrm) -- C:\Windows\SysNative\drivers\bcfsrm.sys (Jetico, Inc.) DRV:64bit: - (bcftdi) -- C:\Windows\SysNative\drivers\bcftdi.sys (Jetico, Inc.) DRV:64bit: - (BcfilterMP) -- C:\Windows\SysNative\drivers\bcfilter.sys (Jetico, Inc.) DRV:64bit: - (Bcfilter) -- C:\Windows\SysNative\drivers\bcfilter.sys (Jetico, Inc.) DRV:64bit: - (bc_ngn) -- C:\Windows\SysNative\drivers\bc_ngn.sys (Jetico, Inc.) DRV:64bit: - (bc_tdi_f) -- C:\Windows\SysNative\drivers\bc_tdi_f.sys (Jetico, Inc.) DRV:64bit: - (bc_prt_f) -- C:\Windows\SysNative\drivers\bc_prt_f.sys (Jetico, Inc.) DRV:64bit: - (bc_pat_f) -- C:\Windows\SysNative\drivers\bc_pat_f.sys (Jetico, Inc.) DRV:64bit: - (bc_ip_f) -- C:\Windows\SysNative\drivers\bc_ip_f.sys (Jetico, Inc.) DRV:64bit: - (bc_hash_f) -- C:\Windows\SysNative\drivers\bc_hash_f.sys (Jetico, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (OXUDIDRV) -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys () DRV:64bit: - (CPen) -- C:\Windows\SysNative\drivers\CPen.sys () DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) 
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (AVerAF35) -- C:\Windows\SysNative\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64) -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys () DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 48 A7 5D 3A B5 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the Web" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/|hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.youtube.com/|hxxp://www.allmystery.de/" FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.11.15 07:57:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.15 07:57:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.16 07:24:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.14 14:41:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 07:24:24 | 000,000,000 | ---D | M] [2011.10.31 20:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions [2011.11.15 07:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions [2011.11.07 07:01:18 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2011.11.15 07:57:16 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\uxc6fp4v.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.11.02 15:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.11.02 15:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.16 07:24:28 | 000,000,000 | ---D | M] (DivX Plus Web 
Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 () (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UXC6FP4V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.14 14:41:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.17 19:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: ICQ Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 
10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Skype Click to Call = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Gerd\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2011.10.30 21:31:18 | 000,437,957 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15062 more lines... O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe O8:64bit: - Extra context menu item: Add to &Evernote - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to &Evernote - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: matheboard.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found 
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0bc67ad5-218e-11e0-9067-f07bcbcb1074}\Shell - "" = AutoRun O33 - MountPoints2\{0bc67ad5-218e-11e0-9067-f07bcbcb1074}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{0bc67ad8-218e-11e0-9067-f07bcbcb1074}\Shell - "" = AutoRun O33 - MountPoints2\{0bc67ad8-218e-11e0-9067-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{16326ab5-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{16326ab5-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{16326ad2-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{16326ad2-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{16326adf-0f6f-11e0-ba74-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{16326adf-0f6f-11e0-ba74-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{27cd5678-23f8-11e0-a35c-f07bcbcb1074}\Shell - "" = AutoRun O33 - MountPoints2\{27cd5678-23f8-11e0-a35c-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{2811343e-2b0d-11e0-bbc8-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{2811343e-2b0d-11e0-bbc8-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4b0a1493-90c4-11e0-bfe3-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{4b0a1493-90c4-11e0-bfe3-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63179e35-7d3d-11e0-af9d-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{63179e35-7d3d-11e0-af9d-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{7a112029-7d84-11e0-aa37-f07bcbcb1074}\Shell - "" = AutoRun O33 - MountPoints2\{7a112029-7d84-11e0-aa37-f07bcbcb1074}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DudenKorrektor.msi O33 - MountPoints2\{85dc2b8a-1d98-11e0-8d51-5442491305ab}\Shell - "" = AutoRun O33 - 
MountPoints2\{85dc2b8a-1d98-11e0-8d51-5442491305ab}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{b0a2ba91-91dd-11e0-a0a0-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{b0a2ba91-91dd-11e0-a0a0-5442491305ab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{cb7ac48c-4b53-11e0-8d53-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{cb7ac48c-4b53-11e0-8d53-5442491305ab}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{e95e49ea-7d24-11e0-92aa-f07bcbcb1074}\Shell - "" = AutoRun O33 - MountPoints2\{e95e49ea-7d24-11e0-92aa-f07bcbcb1074}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f57886be-2ceb-11e0-ad86-5442491305ab}\Shell - "" = AutoRun O33 - MountPoints2\{f57886be-2ceb-11e0-ad86-5442491305ab}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.27 11:07:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe [2011.11.26 04:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2011.11.26 04:59:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Zonelabs [2011.11.25 22:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.11.25 22:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager 
[2011.11.25 22:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.11.22 05:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.19 09:40:36 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{874BBEB4-3E67-4CF1-88E5-D1B0D7C4C672} [2011.11.19 09:40:25 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{BADD5A4B-B317-458C-8068-D39F896E6ABA} [2011.11.18 16:33:39 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\ASCOMP Software [2011.11.18 16:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software [2011.11.18 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software [2011.11.17 11:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.11.16 21:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster [2011.11.16 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster [2011.11.16 13:01:27 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Alte Daten [2011.11.16 07:28:22 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\DDMSettings [2011.11.15 07:57:52 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.11.15 07:57:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\Conduit [2011.11.15 07:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2011.11.15 07:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2011.11.14 07:21:44 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{EEF212CC-2BFB-42D3-84CF-F63A3AFD4776} [2011.11.14 07:21:23 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{084CE115-4D43-40E2-B988-347DB677A5A2} [2011.11.13 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\MAGIX Downloads [2011.11.11 06:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IEAdblock [2011.11.10 10:00:19 | 000,000,000 | ---D 
| C] -- C:\Users\Gerd\AppData\Local\{EA6798C9-C80D-4717-AD59-3579F6E3F437} [2011.11.10 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{1154314C-1210-4AB4-BD10-189B86E09434} [2011.11.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum [2011.11.09 16:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum [2011.11.07 07:01:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\adaware [2011.11.07 07:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2011.11.07 07:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2011.11.07 07:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2011.11.05 17:52:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\Löschen empfindlicher Informationen [2011.11.05 14:55:07 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{6BB1AF9D-5455-4663-ADE0-A46478FB7225} [2011.11.05 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{5FA6FCB9-0B82-41FD-8B84-7D32744F67B5} [2011.11.05 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Tracing [2011.11.03 18:45:48 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Avira [2011.11.03 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.03 18:45:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.03 18:45:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.03 18:45:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.03 18:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.03 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.03 12:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Logox für alle Anwendungen [2011.11.02 15:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.11.02 15:45:49 | 000,157,472 | ---- | C] (Sun 
Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.02 15:45:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.02 15:45:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.11.02 15:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.10.31 20:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.10.30 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{AAA9A15D-8AC4-457A-A243-D0F0B25BB4BE} [2011.10.30 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{E493FB12-375A-476B-A118-083C92285E99} [2011.10.30 06:55:57 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{07FDDCBC-CC24-44A3-9DE7-9B4319D7AEC7} [2011.10.30 06:55:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\{5334246E-22A0-4E77-B449-BCD9EC0FC3BA} [2011.10.28 13:26:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.27 11:07:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe [2011.11.26 08:22:53 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.26 08:22:53 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.26 08:22:53 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.26 08:22:53 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.26 08:22:53 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.26 08:21:16 | 000,001,039 | ---- | M] () -- C:\Users\Gerd\Desktop\Trillian.lnk [2011.11.26 05:21:55 | 000,013,936 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.26 05:21:55 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.26 05:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.26 05:13:46 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2011.11.26 04:55:16 | 563,853,270 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.11.26 04:45:50 | 000,086,114 | -H-- | M] () -- C:\Users\Gerd\AppData\Roaming\Gerdv1.18.0 - Trial versionlog.dat [2011.11.23 10:01:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.22 05:58:27 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.20 19:59:36 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.11.20 16:40:45 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.20 16:40:45 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011.11.19 19:20:03 | 000,000,132 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.11.18 16:33:36 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Secure Eraser.lnk [2011.11.16 07:24:31 | 000,001,615 | ---- | M] () -- C:\Users\Gerd\Desktop\DivX Movies.lnk [2011.11.16 07:24:07 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.11.15 07:58:01 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.11.10 06:21:49 | 005,121,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.09 20:03:30 | 000,003,882 | ---- | M] () -- C:\Users\Gerd\Desktop\Logox. 
für alles.lnk [2011.11.07 07:02:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011.11.07 07:00:47 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.11.04 06:38:41 | 000,001,520 | ---- | M] () -- C:\Users\Gerd\Desktop\Config-Laschsis.lnk [2011.11.03 18:53:56 | 000,001,260 | ---- | M] () -- C:\Users\Gerd\Desktop\Eigene Dateien.lnk [2011.11.03 12:45:12 | 000,001,150 | ---- | M] () -- C:\Users\Gerd\Desktop\Mozilla Firefox.lnk [2011.11.03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.11.02 15:45:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.11.02 15:45:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.02 15:45:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.02 15:45:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.10.31 20:52:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.10.30 21:31:18 | 000,437,957 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111106-205809.backup [2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111123-155624.backup [2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111106-210521.backup [2011.10.30 21:31:18 | 000,437,957 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 08:21:16 | 000,001,069 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2011.11.26 08:21:16 | 000,001,039 | ---- | C] () -- 
C:\Users\Gerd\Desktop\Trillian.lnk [2011.11.26 04:55:16 | 563,853,270 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.11.22 05:58:27 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.19 18:41:37 | 000,000,132 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.11.18 16:33:36 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Secure Eraser.lnk [2011.11.16 07:24:31 | 000,001,615 | ---- | C] () -- C:\Users\Gerd\Desktop\DivX Movies.lnk [2011.11.16 07:24:07 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.11.15 07:57:36 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.11.09 20:03:30 | 000,003,882 | ---- | C] () -- C:\Users\Gerd\Desktop\Logox. für alles.lnk [2011.11.04 06:38:41 | 000,001,520 | ---- | C] () -- C:\Users\Gerd\Desktop\Config-Laschsis.lnk [2011.11.03 18:53:56 | 000,001,260 | ---- | C] () -- C:\Users\Gerd\Desktop\Eigene Dateien.lnk [2011.11.03 12:45:12 | 000,001,150 | ---- | C] () -- C:\Users\Gerd\Desktop\Mozilla Firefox.lnk [2011.11.01 13:54:21 | 000,000,886 | ---- | C] () -- C:\Users\Gerd\Desktop\Logox 4 SpeechBox.lnk [2011.10.31 20:52:17 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.10.31 20:52:17 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.10.10 20:39:36 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Local\{1F300D96-ED2C-4AE4-8A3D-FDB27F659553} [2011.08.31 00:41:11 | 000,005,632 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.21 20:05:29 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.05.25 18:53:57 | 000,000,082 | ---- | C] () -- C:\Users\Gerd\AppData\Local\X-Plane Installer.prf [2011.05.13 09:45:16 | 000,000,000 | ---- | C] () -- 
C:\Users\Gerd\AppData\Local\{F7E4046D-9E44-44A3-9208-F3746DD86739} [2011.05.02 23:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll [2011.05.02 23:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011.05.02 21:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011.05.02 21:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011.05.02 21:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.04.26 18:29:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.04.26 18:29:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.04.25 09:01:02 | 000,007,625 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg [2011.04.19 21:58:22 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.22 08:04:09 | 000,211,056 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2011.03.22 07:57:01 | 000,000,032 | ---- | C] () -- C:\Windows\install.INI [2011.03.18 22:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.03.18 22:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011.03.18 22:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011.03.18 22:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011.03.18 22:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011.03.18 22:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011.03.18 22:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011.03.04 04:20:23 | 000,000,844 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011.03.03 12:39:46 | 000,141,824 | ---- | 
C] () -- C:\Windows\SysWow64\mp4.dll [2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011.03.01 19:32:32 | 000,000,184 | ---- | C] () -- C:\Windows\pdf2word.INI [2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.02.20 07:17:03 | 000,000,184 | ---- | C] () -- C:\Windows\ZoneLib-DisplayNames.ini [2011.02.20 01:11:36 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\jesterss.dll [2011.02.19 06:00:27 | 000,001,782 | ---- | C] () -- C:\Windows\SymmTime.ini [2011.01.29 03:24:27 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.20 05:55:10 | 000,033,040 | ---- | C] () -- C:\ProgramData\dudenbib.wav [2010.12.29 14:23:41 | 000,000,159 | ---- | C] () -- C:\Windows\AVerText.ini [2010.12.23 19:58:38 | 000,000,309 | ---- | C] () -- C:\Windows\game.ini [2010.12.23 10:09:30 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\wklnhst.dat [2010.12.18 14:53:33 | 000,000,479 | ---- | C] () -- C:\Windows\wininit.ini [2010.12.12 20:34:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.12.12 15:43:19 | 000,002,623 | ---- | C] () -- 
C:\Windows\Irremote.ini [2010.10.08 07:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.09.02 19:03:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.09.02 18:12:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.08.29 07:01:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.08.25 22:00:24 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.21 20:39:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini [2010.08.06 16:30:59 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat [2010.05.19 23:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.19 22:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.05.19 22:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.05.19 22:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.05.19 22:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.05.19 22:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.05.19 22:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2010.05.19 22:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe [2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | 
---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006.03.08 11:42:33 | 000,086,114 | -H-- | C] () -- C:\Users\Gerd\AppData\Roaming\Gerdv1.18.0 - Trial versionlog.dat
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by Chesspower88 (27.11.2011 at 11:43). Reason: Forgot to enable Use SafeList under Extra Registry. |
27.11.2011, 11:34 | #5 |
| Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 27.11.2011 11:39:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gerd\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,10% Memory free
9,72 Gb Paging File | 7,66 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,63 Gb Total Space | 200,39 Gb Free Space | 44,08% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 0,77 Gb Free Space | 10,32% Space Free | Partition Type: FAT32

Computer Name: CHESSPOWER-VAIO | User Name: Gerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager "{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 
2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C5855017-5867-4FE3-9BEF-2E5AF57FEBF8}" = Iomega Encryption "{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English 
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CD890B33C151F0A9940A3982594354969B729745" = Windows-Treiberpaket - C Technologies AB (CPen) Input Pen (02/22/2010 3.0.0.2) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "Recuva" = Recuva "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BD992A-D4C7-447D-8AA1-60B5759EA30D}" = SILENT HILL 4 "{0252CACB-68DA-480B-8A50-ED0422D1A7D2}" = Fritz Beginner "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform "{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen "{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access "{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0A72194A-1E08-41CD-AEFF-3F36C51DAB3C}" = Fritz Beginner "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White® 2 Battle of the Gods "{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires "{134B5C7C-C390-466E-B99E-181C8C057AAA}" = C-Pen Core "{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish "{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 WM Edition "{1AD2EC5E-9A73-452B-8C87-43D2E32C3831}" = Fritz11 WM Edition "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C0A1883-3A46-4416-A225-99BFF203462A}" = Deep Fritz 12 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool 
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) 
Management Engine Components "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian "{6A79665E-2B6A-4BDF-BEC9-22BE4CA41B15}" = ChessBase Reader "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D2BBFC7-C0B7-4991-926F-BFC30013512C}" = GEOgraf System Runtime Components "{6E554A6F-7BA1-4FCE-ABFA-430A24631111}" = Duden Korrektor Patch 022010 "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing "{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{932247E9-A3C1-11D4-80B0-00A0D21817C9}" = Blair Witch II "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12 "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall 
"{A39DAD32-3515-438D-8617-F8AE2A301031}" = Nero 8 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common 
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! 
Foto Premium 9 "{DBE79C99-F6CA-42B4-A37F-8BCA3BD086F8}" = Logox 4 Professional "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Air Combat Simulation "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT: SOVIET ASSAULT "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote 
"{F7955AEF-6249-4662-9D6B-DABB8531D83A}" = Blair Witch Vol. III - Die Elly Kedward Sage "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF895069-BD9A-11D5-986D-00500443CF9F}" = Moorhuhn 3 DL "adawaretb" = Ad-Aware Security Toolbar "Adobe AIR" = Adobe AIR "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Blair Witch Volume One - Rustin Parr" = Blair Witch Volume One - Rustin Parr "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "DivX Setup" = DivX-Setup "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324 "Free Studio_is1" = Free Studio version 5.1.7 "Free Video Dub_is1" = Free Video Dub version 1.8.10 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.7.718 "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4 "Google Chrome" = Google Chrome "Homeworld2" = Homeworld2 "HyperCam 3" = HyperCam 3 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide 
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "JDownloader" = JDownloader "KEBau" = KEBau "lgx4.lgx.server" = G DATA Logox 4 Speechengine "LogMeIn Hamachi" = LogMeIn Hamachi "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D) "MarketingTools" = VAIO Marketing Tools "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Moorhuhn-Sushi" = Moorhuhn-Sushi "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Opera 11.50.1074" = Opera 11.50 "PictureIt_v9" = Microsoft Picture It! 
Foto Premium 9 "Secure Eraser_is1" = Secure Eraser v4.0 "Security Task Manager" = Security Task Manager 1.8d "splashtop" = VAIO Quick Web Access "SpywareBlaster_is1" = SpywareBlaster 4.4 "ST6UNST #1" = BEWERBUNGS-MASTER "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 21970" = R.U.S.E "Steam App 240" = Counter-Strike: Source "Steam App 500" = Left 4 Dead "Steam App 550" = Left 4 Dead 2 "Steam App 57900" = Duke Nukem Forever "TeamViewer 6" = TeamViewer 6 "Trillian" = Trillian "TrueCrypt" = TrueCrypt "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0 "VLC media player" = VLC media player 1.1.11 "webmmf" = WebM Media Foundation Components "Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0 "WinLiveSuite" = Windows Live Essentials "Works2004Setup" = Setup-Start von Microsoft Works 2004 "ws4.webspeech" = G DATA WebSpeech 4 "Xfire" = Xfire (remove only) "ZoneAlarm Free" = ZoneAlarm Free "ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar ========== Last 10 Event Log Errors ========== [ AKG_DGMNet Events ] Error - 22.06.2011 05:08:09 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad: Aktiv: nein ---------------------------------- Name: Ohne ID: 45;D06E39D24D628187 Pfad: C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm Aktiv: ja Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten. 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String id) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o, XmlSerializerNamespaces namespaces) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o) bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String FileName) Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad: Aktiv: nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad: C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm Aktiv: ja Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten. 
Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String id) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o, XmlSerializerNamespaces namespaces) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o) bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String FileName) Error - 22.06.2011 05:08:11 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad: Aktiv: nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad: C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm Aktiv: ja Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = Beim Generieren des XML-Dokuments ist ein Fehler aufgetreten. 
Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = bei System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String id) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o, XmlSerializerNamespaces namespaces) bei System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o) bei AKG_DGMNet.DGMVerwaltung.UCVerwaltung.Serialize(String FileName)
Error - 22.06.2011 05:08:13 | Computer Name = Chesspower-VAIO | Source = AKG_DGMNet | ID = 0 Description = ---------------------------------- Name: Ohne ID: EMPTY Pfad: Aktiv: nein ---------------------------------- Name: Urgelände ID: 45;D06E39D24D628187 Pfad: C:\Users\Gerd\Desktop\Ordner von xxxxxxx\EigenerName\Geografanwendung\projekt.vestra\DGM\Urgelände.dgm Aktiv: ja
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Edited by Chesspower88 (27.11.2011 at 11:45). Reason: Forgot to enable Use SafeList under Extra Registry. |
27.11.2011, 11:47 | #6 |
/// Malware-holic | Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe
hiho
Attention! This script and any scripts that may follow are only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe
:Files
C:\Program Files (x86)\Microsoft\csrss.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL; there, right-click moved files and choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
|
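The entries in the fix script above all point at one pattern: a file named like a core Windows process (csrss.exe) started from a logon autostart key while sitting outside the Windows system folder. The following Python check is an added example, not part of the original post and not OTL's own code; it reads entries in the `O6 - key: name = data` shape used in that script. The process-name list, the function names, the default `C:\Windows` system root and the two benign sample lines are assumptions made for illustration.

```python
import ntpath
import re

# Core Windows process names that belong in %SystemRoot%\System32
# (svchost.exe also exists in SysWOW64). Assumed list for this example.
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe",
    "svchost.exe", "wininit.exe", "winlogon.exe",
}

# Entry shape used in the fix script: O6 - <registry key>: <value name> = <data>
ENTRY_RE = re.compile(
    r"^O(?P<section>\d+) - (?P<key>[^:]+): (?P<name>.+?) = (?P<data>.*)$"
)

# Registry keys whose values are launched at logon.
AUTOSTART_SUFFIXES = (
    r"\currentversion\run",
    r"\currentversion\runonce",
    r"\currentversion\policies\explorer\run",
)


def parse_entry(line):
    """Split one log line into section/key/name/data, or return None."""
    match = ENTRY_RE.match(line.strip())
    return match.groupdict() if match else None


def executable_path(data):
    """Return the program path of a Run value without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    match = re.search(r"\.(exe|com|scr|bat|cmd)\b", data, re.IGNORECASE)
    return data[:match.end()] if match else data


def is_masquerading(path, system_root=r"C:\Windows"):
    """True if the file carries a system process name but lies elsewhere."""
    if ntpath.basename(path).lower() not in SYSTEM_PROCESS_NAMES:
        return False
    folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    allowed = {
        ntpath.normcase(ntpath.join(system_root, sub))
        for sub in ("System32", "SysWOW64")
    }
    return folder not in allowed


def find_suspicious(lines, system_root=r"C:\Windows"):
    """Return (key, value name, path) for autostart entries that masquerade."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        if not entry["key"].lower().endswith(AUTOSTART_SUFFIXES):
            continue  # not a logon autostart location
        path = executable_path(entry["data"])
        if is_masquerading(path, system_root):
            hits.append((entry["key"], entry["name"], path))
    return hits


# First four lines: taken from the fix script in the post above.
# Last two lines: constructed benign entries for comparison.
SAMPLE_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\Microsoft\csrss.exe",
    r"O4 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: ExampleHost = C:\Windows\System32\svchost.exe -k example",
    r'O4 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: ExampleTool = "C:\Program Files\Example\tool.exe" /min',
]

if __name__ == "__main__":
    for key, name, path in find_suspicious(SAMPLE_LINES):
        print(f"{key} [{name}] -> {path}")
```
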
27.11.2011, 12:13 | #7 |
| Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\Program Files (x86)\Microsoft\csrss.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\Program Files (x86)\Microsoft\csrss.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Microsoft\csrss.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]
User: All Users
User: AppData
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Gerd
->Flash cache emptied: 2849396 bytes
User: Public
Total Flash Files Cleaned = 3,00 mb

[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gerd
->Temp folder emptied: 23047325 bytes
->Temporary Internet Files folder emptied: 10326768 bytes
->Java cache emptied: 23982234 bytes
->FireFox cache emptied: 37783493 bytes
->Google Chrome cache emptied: 107703375 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3229792 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1269362 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 149826 bytes
RecycleBin emptied: 407896 bytes
Total Files Cleaned = 198,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11272011_120311

Files\Folders moved on Reboot...
C:\Users\Gerd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gerd\AppData\Local\Temp\~DFBDDD84DE1C29FE66.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT025b9.TMP not found!

Registry entries deleted on Reboot... |
27.11.2011, 12:19 | #8 |
/// Malware-holic | Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe
OK, then we continue with this. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.11.2011, 13:16 | #9 |
| Unknown trojan in: C:\Program Files (x86)\Microsoft\csrss.exe Combofix log file: Code:
ATTFilter ComboFix 11-11-26.04 - Gerd 27.11.2011 12:51:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.2448 [GMT 1:00] ausgeführt von:: c:\users\Gerd\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gerd\AppData\Roaming\.# c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-27 bis 2011-11-27 )))))))))))))))))))))))))))))) . . 2011-11-27 12:06 . 2011-11-27 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-27 11:08 . 2011-11-27 11:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\offreg.dll 2011-11-26 08:27 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\mpengine.dll 2011-11-26 03:59 . 2011-11-26 03:59 -------- d-----w- c:\program files (x86)\Zone Labs 2011-11-26 03:59 . 2011-11-26 03:59 -------- d-----w- c:\windows\SysWow64\Zonelabs 2011-11-25 21:41 . 2011-11-26 05:10 -------- d-----w- c:\programdata\SecTaskMan 2011-11-25 21:41 . 2011-11-25 21:41 -------- d-----w- c:\program files (x86)\Security Task Manager 2011-11-22 04:39 . 2011-11-22 04:39 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-11-18 15:33 . 2011-11-18 15:33 -------- d-----w- c:\users\Gerd\AppData\Roaming\ASCOMP Software 2011-11-18 15:33 . 
2011-11-18 15:33 -------- d-----w- c:\program files (x86)\ASCOMP Software 2011-11-16 20:45 . 2011-11-26 09:25 -------- d-----w- c:\program files (x86)\SpywareBlaster 2011-11-16 12:01 . 2011-11-23 20:35 -------- d-----w- c:\users\Gerd\Alte Daten 2011-11-16 06:28 . 2011-11-16 06:28 -------- d-----w- c:\users\Gerd\AppData\Local\DDMSettings 2011-11-15 06:57 . 2011-11-27 10:05 -------- d-----w- c:\windows\Internet Logs 2011-11-15 06:57 . 2011-11-15 06:57 -------- d-----w- c:\users\Gerd\AppData\Local\Conduit 2011-11-15 06:44 . 2011-11-15 06:56 -------- d-----w- c:\program files (x86)\CheckPoint 2011-11-11 05:57 . 2011-11-11 05:57 -------- d-----w- c:\program files (x86)\IEAdblock 2011-11-09 18:37 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 18:37 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 18:37 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 18:37 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 15:46 . 2011-11-09 15:46 -------- d-----w- c:\program files\Agnitum 2011-11-09 15:42 . 2011-11-09 15:42 -------- d-----w- c:\programdata\Agnitum 2011-11-07 06:01 . 2011-11-07 06:01 -------- d-----w- c:\users\Gerd\AppData\Local\adaware 2011-11-07 06:01 . 2011-11-27 11:09 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2011-11-07 06:01 . 2011-11-07 06:01 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2011-11-07 06:01 . 2011-11-07 06:01 -------- d-----w- c:\program files (x86)\adawaretb 2011-11-05 13:54 . 2011-11-26 02:59 -------- d-----w- c:\users\Gerd\Tracing 2011-11-03 17:45 . 2011-11-03 17:45 -------- d-----w- c:\users\Gerd\AppData\Roaming\Avira 2011-11-03 17:45 . 2011-10-11 14:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-11-03 17:45 . 2011-10-11 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-11-03 17:45 . 
2011-10-11 14:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-11-03 17:45 . 2011-11-03 17:45 -------- d-----w- c:\programdata\Avira 2011-11-03 17:45 . 2011-11-03 17:45 -------- d-----w- c:\program files (x86)\Avira 2011-11-03 11:31 . 2011-11-09 19:03 -------- d-----w- c:\users\Gerd\Logox für alle Anwendungen 2011-11-02 14:46 . 2011-11-02 14:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-11-02 14:45 . 2011-11-02 14:45 -------- d-----w- c:\program files (x86)\Java 2011-10-28 12:26 . 2011-10-28 12:26 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 09:01 . 2011-05-21 08:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-07 06:02 . 2011-09-10 23:25 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-03 11:06 . 2011-08-30 23:56 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-02 14:45 . 2010-08-20 14:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll 2011-10-13 20:29 . 2011-10-13 20:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll 2011-10-01 06:24 . 2011-10-01 06:24 73728 ----a-r- c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe 2011-10-01 06:24 . 2011-10-01 06:24 69632 ----a-r- c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe 2011-10-01 06:24 . 2011-10-01 06:24 65536 ----a-r- c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe 2011-10-01 06:24 . 
2011-10-01 06:24 65536 ----a-r- c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\ARPPRODUCTICON.exe 2011-10-01 06:24 . 2011-10-01 06:24 335872 ----a-r- c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut2_D216F3B2761946D6B253BD0528BFB287.exe 2011-09-10 15:18 . 2010-08-29 05:26 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2011-09-08 20:57 . 2010-08-21 09:34 163840 ----a-w- c:\windows\LgxSetup.exe 2011-09-06 18:14 . 2011-04-21 19:30 253952 ------w- c:\windows\Setup1.exe 2011-09-06 18:14 . 2011-04-21 19:30 74752 ----a-w- c:\windows\ST6UNST.EXE 2011-09-01 05:24 . 2011-10-12 20:31 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-12 20:31 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-12 20:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-12 20:31 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-12 20:31 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-12 20:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440] . [HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 20:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe "IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "Microsoft Works Update Detection"=c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s "boinctray"="c:\program files\BOINC\boinctray.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "TrayServer"=c:\program files (x86)\MAGIX\Video_deluxe_16_Premium\TrayServer.exe "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992] R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x] R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CPen;C-Pen;c:\windows\system32\Drivers\CPen.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 
4925184] R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [x] R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248] R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe 
[2011-04-20 1021840] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 bc_hash_f;BC_HASH_Filter; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 bcfsrm;Jetico Personal Firewall filesystem filter;c:\windows\system32\drivers\bcfsrm.sys [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672] S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656] S2 TuneUp.UtilitiesSvc;TuneUp 
Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{07e84f41-11d5-4615-aaf6-368df0762b41}] 2011-07-01 09:38 153232 ---ha-w- c:\programdata\Duden\DKReg.exe . Inhalt des "geplante Tasks" Ordners . 
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38] . 2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-06 171520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.tagesschau.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll Trusted Zone: matheboard.de\www Trusted Zone: youtube.com\www TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\uxc6fp4v.default\ FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/|hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.youtube.com/|hxxp://www.allmystery.de/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file) HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe HKLM-Run-ISW - (no file) AddRemove-Blair Witch Volume One - Rustin Parr - c:\windows\IsUn0407.exe AddRemove-Moorhuhn-Sushi - c:\windows\system32\MOORHU~1.SCR . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2011-11-27 13:12:59 ComboFix-quarantined-files.txt 2011-11-27 12:12 . Vor Suchlauf: 7 Verzeichnis(se), 215.172.706.304 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 214.645.305.344 Bytes frei . - - End Of File - - 709E53DE972059EBA5EE3834A99E3694 |
27.11.2011, 15:52 | #10 |
/// Malware-holic | Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
27.11.2011, 20:18 | #11 |
| Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8252
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
27.11.2011 20:16:57
mbam-log-2011-11-27 (20-16-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|)
Durchsuchte Objekte: 569895
Laufzeit: 2 Stunde(n), 32 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\sectaskman\csrss.exe.q_quarantine_1278f006_q (Spyware.Password) -> Quarantined and deleted successfully. |
27.11.2011, 20:36 | #12 |
/// Malware-holic | Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe hi, are there any problems with the PC?
|
27.11.2011, 22:23 | #13 |
| Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe No, there are no problems. So the file csrss.exe.q_quarantine_1278f006_q was probably just a leftover? Where was the Malwarebytes' Anti-Malware log file saved again? |
28.11.2011, 11:55 | #14 |
/// Malware-holic | Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe You can see it in Malwarebytes under Logs. That is the quarantine of Process Explorer. When we are finished, you must change all your passwords. Download CCleaner Standard: CCleaner Download - CCleaner 3.12.1572. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After those unknown to you, "unbekannt" (unknown). Post the list.
|
28.11.2011, 14:09 | #15 |
| Unknown Trojan in: C:\Program Files (x86)\Microsoft\csrss.exe Ad-Aware Lavasoft Limited 30.08.2011 34,1MB 9.6.0 notwendig Ad-Aware Security Toolbar Lavasoft 06.11.2011 0.9.1.8 notwendig AdblockIE af0.net 10.11.2011 9,46MB 1.2 notwendig Adobe AIR Adobe Systems Inc. 02.10.2011 2.5.1.17730 unbekannt Adobe Community Help Adobe Systems Incorporated. 02.10.2011 3.4.980 unbekannt Adobe Download Manager NOS Microsystems Ltd. 05.03.2011 1.6.2.99 unbekannt Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 22.11.2011 6,00MB 11.1.102.55 notwendig Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 16.11.2011 6,00MB 11.1.102.55 notwendig Adobe Photoshop CS5.1 Adobe Systems Incorporated 02.10.2011 3.033MB 12.1 notwendig Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 17.09.2011 165,9MB 10.1.1 notwendig Alps Pointing-device for VAIO ALPS ELECTRIC CO., LTD. 05.08.2010 unbekannt Apple Application Support Apple Inc. 31.03.2011 52,8MB 1.4.1 unbekannt Apple Software Update Apple Inc. 07.07.2011 2,38MB 2.1.3.127 unbekannt ArcSoft Magic-i Visual Effects 2 ArcSoft 05.08.2010 2.0.1.85 unbekannt ArcSoft WebCam Companion 3 ArcSoft 05.08.2010 3.0.21.278 unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 18.12.2010 22,3MB 3.0.769.0 notwendig Audacity 1.2.6 08.04.2011 notwendig Avira Free Antivirus Avira 03.11.2011 104,8MB 12.0.0.861 notwendig BEWERBUNGS-MASTER 05.09.2011 notwendig Black & White® 2 Lionhead Studios 24.06.2011 1.00.0000 notwendig Black & White® 2 Battle of the Gods Lionhead Studios 24.06.2011 1.00.0000 notwendig Blair Witch II Human Head Studios 17.12.2010 931MB 1.00.0000 notwendig Blair Witch Vol. III - Die Elly Kedward Sage 17.12.2010 notwendig Blair Witch Volume One - Rustin Parr 17.12.2010 notwendig BOINC Space Sciences Laboratory, U.C. 
Berkeley 06.03.2011 20,0MB 6.10.58 unnötig C-Pen Core C Technologies 15.03.2011 197,8MB 1.3.00 notwendig Call of Duty: Modern Warfare 2 Infinity Ward 20.08.2010 notwendig Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 20.08.2010 notwendig Canon MX330 series MP Drivers 23.06.2011 notwendig CCleaner Piriform 27.11.2011 3.12 notwendig ChessBase Reader ChessBase 21.04.2011 2 unnötig Command & Conquer 3 Ihr Firmenname 16.07.2011 13.500MB 1.00.0000 notwendig Command & Conquer Generals Electronic Arts 14.07.2011 1.553MB 0.50.0000 notwendig Command & Conquer™ 3: Kanes Rache Ihr Firmenname 16.07.2011 11.558MB 1.00.0000 notwendig Command & Conquer™ Alarmstufe Rot 3 Electronic Arts 20.07.2011 8.422MB 1.0.1.0 notwendig Counter-Strike: Source Valve 03.08.2011 notwendig Deep Fritz 12 ChessBase 18.09.2010 12.0.0 notwendig Die Sims™ 3 Electronic Arts 05.05.2011 1.19.44 notwendig Die Sims™ 3 Design-Garten-Accessoires Electronic Arts 06.05.2011 7.0.55 notwendig Die Sims™ 3 Gib Gas-Accessoires Electronic Arts 07.05.2011 5.0.44 notwendig Die Sims™ 3 Late Night Electronic Arts 12.05.2011 6.0.81 notwendig Die Sims™ 3 Luxus-Accessoires Electronic Arts 06.05.2011 3.0.38 notwendig Die Sims™ 3 Reiseabenteuer Electronic Arts 12.05.2011 2.0.86 notwendig Die Sims™ 3 Traumkarrieren Electronic Arts 12.05.2011 4.0.87 notwendig Die*Sims™*3 Erstelle einen Sim Electronic Arts 12.05.2011 1.0.25 notwendig DivX-Setup DivX, LLC 15.11.2011 2.6.0.34 unbekannt Dual-Core Optimizer AMD 14.06.2011 86,00KB 1.1.4.0169 notwendig Duden Korrektor Bibliographisches Institut GmbH 30.09.2011 623MB 7.00.0000 notwendig Duden Korrektor Patch 022010 Bibliographisches Institut GmbH 30.09.2011 6,03MB 7.00.0000 notwendig Duke Nukem Forever Gearbox Software 14.06.2011 notwendig DVDVideoSoftTB Toolbar 26.12.2010 unnötig Einstellungen für VAIO-Inhaltsüberwachung Sony Corporation 20.03.2011 2.6.0.11050 unbekannt Evernote Evernote Corp. 
05.08.2010 53,2MB 3.5.0.545 unbekannt Firebird SQL Server - MAGIX Edition MAGIX AG 18.04.2011 10,1MB 2.1.26.0 unbekannt Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 11.04.2011 15,4MB notwendig Free Audio Converter version 2.2.16.324 DVDVideoSoft Limited. 11.04.2011 26,3MB notwendig Free Studio version 5.1.7 DVDVideoSoft Ltd. 31.08.2011 370MB notwendig Free Video Dub version 1.8.10 DVDVideoSoft Limited. 08.04.2011 25,0MB notwendig Free YouTube Download 3 version 3.0.7.718 DVDVideoSoft Limited. 20.07.2011 44,7MB notwendig Free YouTube Download version 3.0.16.923 DVDVideoSoft Ltd. 08.10.2011 39,0MB notwendig Free YouTube to MP3 Converter version 3.10.11.923 DVDVideoSoft Ltd. 27.09.2011 42,4MB notwendig Freemake Video Converter Version 2.3.4 Ellora Assets Corporation 10.09.2011 46,4MB 2.3.4 notwendig Fritz 13 ChessBase 30.10.2011 919MB 13.0.0.0 notwendig Fritz Beginner ChessBase 21.04.2011 12.0.0 notwendig Fritz11 WM Edition ChessBase 18.09.2010 1.0 notwendig G DATA Logox 4 Speechengine G DATA Software AG 21.08.2010 notwendig G DATA WebSpeech 4 G DATA Software AG 21.08.2010 notwendig Google Chrome Google Inc. 16.09.2011 15.0.874.121 notwendig Google Earth Google 27.12.2010 84,4MB 6.1.0.5001 notwendig GPGNet Gas Powered Games 20.08.2010 97,8MB 1.0.0 notwendig GRID Codemasters 02.08.2011 1.30.0000 notwendig Homeworld2 Sierra 13.07.2011 notwendig HyperCam 3 Solveig Multimedia 02.09.2011 3.0.912.18 notwendig ICQ7.5 ICQ 08.05.2011 7.5 notwendig Intel(R) Control Center Intel Corporation 19.05.2010 1.2.1.1007 unbekannt Intel(R) Management Engine Components Intel Corporation 20.08.2010 6.0.0.1179 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 19.05.2010 9.5.4.1001 unbekannt Intel(R) Turbo Boost Technology Driver Intel Corporation 19.05.2010 01.00.01.1002 unbekannt Iomega Encryption Iomega an EMC Company 28.11.2010 6,98MB 1.00.0003 unbekannt Java(TM) 6 Update 16 (64-bit) Sun Microsystems, Inc. 
05.08.2010 90,8MB 6.0.160 unbekannt Java(TM) 6 Update 29 Oracle 01.11.2011 95,0MB 6.0.290 unbekannt JDownloader AppWork UG (haftungsbeschränkt) 26.02.2011 notwendig KEBau 21.03.2011 notwendig Left 4 Dead Valve 07.10.2010 notwendig Left 4 Dead 2 Valve 07.10.2010 notwendig Lock On: Air Combat Simulation 23.05.2011 1.00.000 notwendig LogMeIn Hamachi LogMeIn, Inc. 09.09.2011 2.1.0.124 notwendig Logox 4 Professional 07.09.2011 notwendig MAGIX 3D Maker (embeded) MAGIX AG 18.04.2011 6.0.0.8 unbekannt MAGIX Screenshare MAGIX AG 18.04.2011 4.3.6.1987 unbekannt MAGIX Speed burnR MAGIX AG 18.04.2011 6.0.1.4 unbekannt MAGIX Video deluxe 16 Premium 9.0.0.54 (D) MAGIX AG 18.04.2011 9.0.0.54 notwendig Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 26.11.2011 13,8MB 1.51.2.1300 notenwdig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.11.2010 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.11.2010 2,94MB 4.0.30319 unbekannt Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 10.08.2011 31,3MB 3.5.88.0 unbekannt Microsoft Games for Windows Marketplace Microsoft Corporation 10.08.2011 6,04MB 3.5.50.0 unbekannt Microsoft IntelliPoint 8.2 Microsoft Corporation 10.08.2011 8.20.468.0 unbekannt Microsoft IntelliType Pro 8.2 Microsoft Corporation 10.08.2011 8.20.468.0 unbekannt Microsoft Office Professional Plus 2010 Microsoft Corporation 21.11.2011 14.0.6029.1000 notwendig Microsoft Office XP Professional mit FrontPage Microsoft Corporation 14.06.2011 378MB 10.0.6626.0 unnötig Microsoft Picture It! 
Foto Premium 9 Microsoft Corporation 22.12.2010 9.0.0.0000 notwendig Microsoft Silverlight Microsoft Corporation 11.10.2011 140,1MB 4.0.60831.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.08.2010 1,72MB 3.1.0000 unbekannt Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 05.08.2010 2,59MB 3.5.5692.0 unbekannt Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Corporation 05.08.2010 3,69MB 3.5.5692.0 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 21.08.2010 0,25MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.08.2010 0,24MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.08.2011 2,37MB 8.0.59193 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 05.08.2010 0,69MB 8.0.61000 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 18.04.2011 0,57MB 8.0.51011 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 05.11.2010 0,19MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 18.04.2011 0,77MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.04.2011 0,58MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.12.2010 0,24MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.12.2010 0,77MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,77MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 18.01.2011 4,32MB 9.0.21022 unbekannt Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729 Microsoft Corporation 18.12.2010 0,58MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.10.2010 0,57MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.01.2011 0,57MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 03.11.2011 4,56MB 10.0.40219 unbekannt Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 20.08.2010 unbekannt Microsoft Works Microsoft Corporation 22.12.2010 247MB 07.03.0512 unnötig Microsoft WSE 3.0 Runtime Microsoft Corp. 05.05.2011 0,92MB 3.0.5305.0 unbekannt Moorhuhn 3 DL 19.02.2011 notwendig Moorhuhn-Sushi 19.02.2011 notwendig Mozilla Firefox 8.0 (x86 de) Mozilla 13.11.2011 34,9MB 8.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.08.2010 1,28MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.08.2010 1,33MB 4.20.9876.0 unbekannt Need for Speed™ Most Wanted 29.07.2011 notwendig Nero 8 Nero AG 11.12.2010 3.594MB 8.0.293 notwendig Office-Bibliothek Bibliographisches Institut & F.A. Brockhaus AG 28.08.2010 643MB 5.00.3 notwendig OpenAL 10.08.2011 unbekannt Opera 11.50 Opera Software ASA 09.08.2011 11.50.1074 notwendig PDFCreator Frank Heindörfer, Philip Chinery 18.01.2011 0.9.5 notwendig PMB Sony Corporation 05.08.2010 258MB 5.0.00.10260 unbekannt R.U.S.E Ubisoft 17.09.2011 notwendig Razer Lachesis Razer USA Ltd. 15.09.2011 1.10.0000 notwendig Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 05.08.2010 6.0.1.5992 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
05.08.2010 6.0.1.5992 notwendig Recuva Piriform 07.09.2011 1.40 notwendig RemoteComms External Disk Access PLX Technology 28.11.2010 5,55MB 1.25.0003 unbekannt Roxio Easy Media Creator 10 LJ Roxio 05.08.2010 125,0MB 10.3 unbekannt Secure Eraser v4.0 ASCOMP Software GmbH 17.11.2011 10,5MB notwendig Security Task Manager 1.8d Neuber Software 24.11.2011 1.8d unnötig Setting Utility Series Sony Corporation 05.08.2010 5.1.0.11200 unbekannt Setup-Start von Microsoft Works 2004 22.12.2010 unbekannt Silent Hill 2 - Directors Cut 14.05.2011 notwendig SILENT HILL 3 Konami Computer Entertainment Tokyo, Inc. 15.05.2011 4.971MB 1.00.0000 notwendig SILENT HILL 4 14.05.2011 1.00.000 notwendig Skype Click to Call Skype Technologies S.A. 24.10.2011 15,1MB 5.6.8442 notwendig Skype™ 5.5 Skype Technologies S.A. 24.10.2011 33,6MB 5.5.124 notwendig Sony Home Network Library Sony Corporation 20.03.2011 2.2.0.11240 unbekannt Spybot - Search & Destroy Safer Networking Limited 30.08.2010 1.6.2 notwendig SpywareBlaster 4.4 Javacool Software LLC 15.11.2011 4.4.0 notwendig Star Wars Battlefront II LucasArts 16.07.2011 1.0 notwendig Star Wars Empire at War LucasArts 16.07.2011 1.0 notwendig Star Wars Empire at War Forces of Corruption LucasArts 16.07.2011 1.0 notwendig Star Wars: The Force Unleashed Activision 05.10.2010 notwendig 1.1 Steam Valve Corporation 20.08.2010 42,3MB 1.0.0.0 notwendig Supreme Commander - Forged Alliance Gas Powered Games 20.08.2010 notwendig 1.00.0000 Sven Bømwøllen DL 19.02.2011 notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 01.05.2011 notwendig TeamViewer 6 TeamViewer GmbH 27.08.2011 6.0.11052 notwendig Trillian Cerulean Studios, LLC 27.08.2011 notwendig TrueCrypt TrueCrypt Foundation 09.09.2011 7.1 notwendig TuneUp Utilities TuneUp Software 20.08.2010 9.0.3000.52 notwendig Uninstall 1.0.0.1 30.04.2011 11,2MB unbekannt VAIO - PMB VAIO Edition Guide Sony Corporation 11.07.2011 72,4MB 1.5.00.03020 unbekannt VAIO - PMB VAIO Edition Plug-in Sony Corporation 
18.08.2011 181,4MB 1.5.10.06150 unbekannt VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 20.03.2011 29,4MB 3.9.0.11260 unbekannt VAIO Content Metadata Intelligent Network Service Manager Sony Corporation 20.03.2011 12,3MB 3.9.0.11180 unbekannt VAIO Content Metadata Manager Settings Sony Corporation 20.03.2011 20,3MB 3.9.0.11180 unbekannt VAIO Content Metadata XML Interface Library Sony Corporation 20.03.2011 7,60MB 3.9.0.11180 unbekannt VAIO Control Center Sony Corporation 27.08.2010 4.1.1.07160 unbekannt VAIO Data Restore Tool Sony Corporation 05.08.2010 1.2.0.09150 unbekannt VAIO DVD Menu Data Sony Corporation 05.08.2010 2.4.00.05300 unbekannt VAIO Energie Verwaltung Sony Corporation 05.08.2010 5.0.0.11300 unbekannt VAIO Entertainment Platform Sony Corporation 20.03.2011 3.9.0.11160 unbekannt VAIO Event Service Sony Corporation 05.08.2010 5.1.0.12010 unbekannt VAIO Gate Sony Corporation 18.08.2011 2.4.0.06210 unbekannt VAIO Gate Default Sony Corporation 05.08.2010 1.0.0.10290 unbekannt VAIO Marketing Tools Sony Corporation 05.08.2010 unbekannt VAIO Media plus Sony Corporation 05.08.2010 2.0.1.10160 unbekannt VAIO Media plus Opening Movie Sony Corporation 05.08.2010 1.2.0.09100 unbekannt VAIO Movie Story Template Data Sony Corporation 05.08.2010 439MB 2.5.00.05300 unbekannt VAIO Original Funktion Einstellungen Sony Corporation 20.03.2011 2.3.0.11240 unbekannt VAIO Personalization Manager Sony Corporation 20.03.2011 59,6MB 3.0.0.11160 unbekannt VAIO Premium Partners Sony Europe 05.08.2010 1.0 unbekannt VAIO Quick Web Access Sony Corporation 27.08.2010 303MB 1.3.1.7 unbekannt VAIO screensaver Sony Europe 05.08.2010 1.0.0.0 unbekannt VAIO Smart Network Sony Corporation 18.12.2010 3.3.1.08110 unbekannt VAIO Update Sony Corporation 14.06.2011 5.4.1.04200 unbekannt VAIO Wallpaper Contents Sony Corporation 05.08.2010 2.0.0.06010 unbekannt VAIO-Support für Übertragungen Sony Corporation 27.08.2010 1.1.2.06030 unbekannt VeryPDF PDF2Word v3.0 
VeryPDF.com Inc 28.02.2011 notwendig VLC media player 1.1.11 VideoLAN 27.07.2011 1.1.11 notwendig WebM Media Foundation Components WebM Project 06.10.2011 0.25.0.0 unbekannt WIDCOMM Bluetooth Software Broadcom Corporation 18.05.2010 144,4MB 6.2.1.500 unbekannt Windows 7 Codec Pack 3.1.0 Windows 7 Codec Pack 27.07.2011 notwendig Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Broadcom 05.08.2010 09/09/2009 6.2.0.9405 unbekannt Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 05.08.2010 07/28/2009 6.2.0.9800 unbekannt Windows Live Essentials Microsoft Corporation 07.08.2011 15.4.3538.0513 unbekannt Windows Live Sync Microsoft Corporation 01.09.2010 2,79MB 14.0.8117.416 unbekannt Windows-Treiberpaket - C Technologies AB (CPen) Input Pen (02/22/2010 3.0.0.2) C Technologies AB 15.03.2011 notwendig 02/22/2010 3.0.0.2 WinRAR 18.09.2010 notwendig WORLD IN CONFLICT: SOVIET ASSAULT Ubisoft Entertainment 16.07.2011 1.0.1.0 notwendig Xfire (remove only) 20.08.2010 notwendig ZoneAlarm Free Check Point 14.11.2011 60,0MB 10.1.056.000 notwendig ZoneAlarm-Sicherheit Toolbar ZoneAlarm-Sicherheit 14.11.2011 notwendig |