
Log analysis and evaluation: multiple trojans (Spy Banker, Stolen Data, Malware Gen/Trace, Trojan Passwords, Zbot)


 
30.11.2011, 00:54   #1
Fratze666
 



Hello,
I am helping a friend here who has several trojans on her computer.

A few days ago she called me because her PC would no longer start (according to the phone call, the Bundeskriminalamt trojan).
I advised her to boot into safe mode and use System Restore; after that she was to run her installed Avira virus scanner over it (unfortunately I have no log of that)
and then use Malwarebytes (log attached).
I also strongly urged her to change all the passwords she uses from another, "clean" PC.
Then she was to run a scan with OTL (the OTL log in the text, the OTL Extras attached).
Finally she ran another scan with Avira (log attached).

Now the question:
Can the system still be saved, or does she have to reinstall everything?
(which would be a bigger problem for her because of some software from America)

Best regards,
Frank

Code:
OTL logfile created on: 24.11.2011 17:37:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,58% Memory free
4,84 Gb Paging File | 4,09 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,88 Gb Total Space | 6,32 Gb Free Space | 2,80% Space Free | Partition Type: NTFS
 
Computer Name: VALUED-C47410C8 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\aol\1231712899\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - C:\Program Files\intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Program Files\AOL 9.1\xmltok.dll ()
MOD - C:\Program Files\AOL 9.1\xmlparse.dll ()
MOD - C:\Program Files\AOL 9.1\zlib.dll ()
MOD - C:\WINDOWS\system32\sst1cl3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EvtEng) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (shpf) -- C:\WINDOWS\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (5U875UVC) -- C:\WINDOWS\system32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MemAlloc) -- C:\WINDOWS\system32\drivers\MemAlloc.sys (Pinnacle Systems GmbH)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
 
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.comodo.com/search/
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.14 10:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 23:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
 
[2009.01.11 22:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2011.11.14 10:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.15 11:32:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.22 21:36:48 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5047
[2011.11.14 10:25:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.20 16:25:12 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2010.01.20 16:25:12 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010.01.20 16:25:23 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010.01.20 16:25:27 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010.01.20 16:25:09 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011.10.11 20:47:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:47:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:47:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:47:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:47:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:47:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.11.13 07:56:08 | 000,287,274 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.123haustiereundmehr.com
O1 - Hosts: 9902 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FE964C-593E-48BC-A6E0-9151928C1B5F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVDIdle Pro\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 10:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell - "" = AutoRun
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 21:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.22 21:32:35 | 002,123,536 | ---- | C] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 19:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2011.11.21 22:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.19 14:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.11.19 14:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.16 21:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.16 21:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.11.10 23:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011.11.10 23:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.10 23:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011.11.10 23:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.10 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.10 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.10 23:35:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 08:12:45 | 000,053,391 | ---- | M] () -- C:\VETlog.dmp
[2011.11.24 08:11:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.24 08:10:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.23 18:31:31 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.23 18:15:01 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011.11.23 07:23:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.22 23:56:53 | 018,199,202 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.22 23:25:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 21:32:36 | 002,123,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 21:16:43 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.17 23:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.11.15 12:30:32 | 004,812,929 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:27:30 | 003,657,677 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 12:24:36 | 003,529,865 | ---- | M] () -- C:\Documents and Settings\***\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 12:21:58 | 003,696,815 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:37:40 | 002,096,133 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:55 | 002,143,335 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.11.10 19:56:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.07 23:29:24 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDIdlePro.INI
[2011.11.07 19:15:45 | 002,640,719 | ---- | M] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE.pdf
[2011.11.07 19:13:03 | 002,640,719 | ---- | M] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE
[2011.11.01 23:00:37 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.01 23:00:37 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.22 23:48:25 | 018,199,202 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.16 21:28:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.15 12:10:31 | 004,812,929 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:01:52 | 003,529,865 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 11:54:29 | 003,696,815 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:52:03 | 003,657,677 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 09:32:06 | 002,096,133 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:52 | 002,143,335 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.11.10 19:56:06 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.11.07 19:15:19 | 002,640,719 | ---- | C] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE.pdf
[2011.11.07 19:12:39 | 002,640,719 | ---- | C] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE
[2010.08.08 17:04:43 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2010.08.08 17:04:36 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010.08.08 17:04:36 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010.08.08 17:04:36 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010.08.08 17:04:36 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010.08.08 17:04:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010.08.08 17:03:17 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010.08.08 17:02:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010.06.28 21:56:02 | 000,743,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.06.22 23:12:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 20:56:00 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.08 19:44:02 | 000,085,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.02.09 21:21:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.12.24 14:51:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.09.02 21:20:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2009.08.16 11:38:13 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5a.DLL
[2009.08.15 13:57:31 | 000,001,171 | ---- | C] () -- C:\WINDOWS\Stars.ini
[2009.07.27 18:11:34 | 000,128,000 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009.07.27 18:11:34 | 000,006,006 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2009.06.28 23:43:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\PUTTY.RND
[2009.04.29 21:23:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.02.07 16:05:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009.01.11 23:36:28 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.11 22:26:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.01.11 20:52:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdlePro.INI
[2009.01.11 20:46:36 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 11:35:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.11.12 07:04:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.11 22:02:15 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2008.07.29 15:23:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.07.29 13:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.07.29 13:22:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.07.29 13:22:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.07.29 13:22:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.07.29 13:22:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.07.29 11:29:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.07.29 11:26:52 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008.07.29 11:26:50 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008.07.29 11:26:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008.07.29 11:12:04 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.07.29 11:11:43 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.07.29 11:11:42 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.07.29 11:09:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2008.07.29 10:59:30 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.07.29 10:56:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.29 10:53:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.29 10:43:34 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.07.29 10:43:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.29 10:43:23 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.29 10:43:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.29 10:43:23 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.29 10:43:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.29 10:43:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2008.07.29 10:43:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2008.07.29 10:43:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.29 10:43:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.29 10:43:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.29 10:43:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.29 10:43:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.07.29 03:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.29 03:50:12 | 002,372,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.28 23:55:21 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2007.12.06 18:55:12 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.06.12 20:21:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001.11.14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.08.08 17:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010.03.07 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.25 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2009.06.03 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2008.07.29 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008.07.29 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009.09.05 12:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008.07.29 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.05 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.19 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.08.02 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Cisco
[2010.08.04 20:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Crossword Compiler Deutsch 8
[2011.11.23 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dropbox
[2009.02.02 21:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FinalBurner Video DVD
[2010.04.18 08:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICAClient
[2008.12.26 11:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InterVideo
[2009.09.05 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Viewpoint
[2010.01.20 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\webex
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
 
========== Purity Check ==========
 
 

< End of report >
         

 
