
Pests of all kinds and how to fight them: cmd.exe and mahmud.exe - Bundespolizei Trojan

30.11.2011, 23:22   #1
martin2und3

cmd.exe and mahmud.exe - Bundespolizei Trojan



Hello,

unfortunately I have the following problem, or rather oddity:

about two weeks ago I had the Bundespolizei trojan (the ucash thing) on my laptop. I actually thought I had got it under control reasonably well, i.e. I ran antivirus/anti-malware programs over it (AntiVir, Malwarebytes and AdAware).

Since then I have had no more trouble with it, but now cmd.exe (windows/system32/cmd.exe) keeps starting at regular intervals, i.e. the window flashes up for a very brief moment and disappears again (it doesn't seem to execute anything; as far as I can tell the window is black).

But now I'm not sure whether I don't have the same thing as here:

http://www.trojaner-board.de/105278-...r-ucash-2.html

(which would then be the trojan.banker, if I've understood correctly). I haven't done any online banking for quite a while, but I did recently order something from amazon...


Many thanks for the help!!


PS: I uploaded cmd.exe to VirusTotal, but it was not detected as malware

01.12.2011, 07:43   #2
Chris4You

cmd.exe and mahmud.exe - Bundespolizei Trojan



Hi,

have you already checked whether a task has been set up in the Task Scheduler...?

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 logfiles are created
* Post the logfiles here in the thread.

chris
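Added example (editor's note, not code from this thread and not part of OTL): a small Python script that reads the kind of Extra.txt the steps above produce and flags the three things a helper looks at first: firewall profiles with EnableFirewall = 0, Security Center overrides set to 1, and exefile/comfile/batfile/cmdfile/piffile launch commands that differ from the Windows default "%1" %* (a lock-screen trojan that hooks the exefile class starts with every program the user launches, which is one of the usual persistence spots for this family). The sample log text inside the script is constructed to mirror OTL's output format; the C:\PLACEHOLDER\hijack.exe path is a placeholder, not a path from this thread.

```python
"""Triage helper for the Security Center, firewall and shell-spawning sections
of an OTL Extra.txt log.  Added example for this thread; it is not part of OTL
and the sample log lines below are constructed to mirror OTL's output format."""
import re
import sys
from typing import Dict, List

# Windows default launch commands for the file classes lock-screen trojans
# most often re-point to themselves.  Anything else here deserves a look.
DEFAULT_SPAWN = {
    "exefile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
}

SECTION_RE = re.compile(r"^\[(.+)\]$")                             # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "name" = value
SPAWN_RE = re.compile(r"^(?P<key>\w+ \[\w+\]) -- (?P<cmd>.*)$")    # exefile [open] -- ...

# Constructed sample in OTL's format; the hijack.exe path is a placeholder.
SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
exefile [open] -- "C:\PLACEHOLDER\hijack.exe" "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"""


def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [registry key] header to the "name" = value lines beneath it."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        pair = VALUE_RE.match(line)
        if pair and current is not None:
            sections[current][pair.group("name")] = pair.group("value").strip()
    return sections


def triage(text: str) -> List[str]:
    """Return human-readable findings, in log order, for the three checks."""
    findings: List[str] = []
    for key, values in parse_sections(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if "FirewallPolicy" in key and leaf.endswith("Profile"):
            if values.get("EnableFirewall") == "0":
                findings.append(f"firewall disabled: {leaf}")
        elif key.endswith("Security Center\\Svc"):
            for name, value in values.items():
                if name.endswith("Override") and value == "1":
                    findings.append(f"security center override: {name}")
    # Shell-spawning lines are not "name" = value pairs, so scan them directly.
    for raw in text.splitlines():
        line = raw.strip()
        spawn = SPAWN_RE.match(line)
        if spawn and spawn.group("key") in DEFAULT_SPAWN:
            if spawn.group("cmd").strip() != DEFAULT_SPAWN[spawn.group("key")]:
                findings.append(f"non-default shell spawn: {line}")
    return findings


if __name__ == "__main__":
    # Pass the path of a saved Extra.txt, or run without arguments on SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_text = fh.read()
    else:
        log_text = SAMPLE
    for finding in triage(log_text):
        print(finding)
```

The findings are leads, not verdicts: EnableFirewall = 0 on all three Windows profiles is expected when a third-party firewall such as PC Tools Firewall Plus has taken over, so read them against the installed-software list in the same log before drawing conclusions.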

01.12.2011, 09:07   #3
martin2und3

cmd.exe and mahmud.exe - Bundespolizei Trojan



first of all, many thanks for the quick reply.

The OTL scan produces the following


Extra.txt OTL logfile:
Code:
OTL Extras logfile created on: 01.12.2011 08:57:00 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mock\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,19% Memory free
6,07 Gb Paging File | 4,65 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,48 Gb Total Space | 39,93 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
 
Computer Name: MOCK | User Name: Mock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DB227C9-27B1-4C6B-999E-42C490BA7271}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{334B9019-922F-422F-AF7E-B6014A71AE67}" = lport=49486 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3690EFC6-1EC0-4859-A728-5DAEB618229B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3B34A9FF-9624-4C4D-9DD5-4979B7CE52ED}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{3E5243D8-93E5-49FB-8DB9-9CF21B04F31A}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{4D84FE09-4B53-4C78-849C-DB9CCE9DF133}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{4F08216E-068D-4E9A-93AE-70ABEB9C003E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{57F7DF3E-B431-4D18-A1E7-8AFDCBBBAA80}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{5E2B7684-E40F-45DC-BBD1-91EEED476B44}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6D0B97FC-5272-4784-82D9-F7A655853670}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{6E2CF416-FF24-4AA1-9DCB-578221E12106}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{73406CD2-6F7C-419C-AAF7-0DFDC15D90C9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8C2DA504-E276-4922-9958-439D35855557}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{8E6D3953-9566-4A54-BE8E-C770516B4702}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D71E8B33-1C02-41A9-B976-4775641D4C87}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4316C2D-CFAA-48ED-B511-543E7ECC9DD7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EACE51EF-E68E-4BBC-999A-9C45B98AF6A1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E276B88-932B-4D8D-948C-98F00244155D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{240F6ACE-ECAD-4725-91C7-45B933CB4794}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{4C893B30-5886-42A5-91BC-EAFCF4C4FDE9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{573E4573-75B6-4DA8-8FCD-546B2E0E0095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7AD69C0B-449F-4ED2-B0FE-66DE8FEC6F38}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{88FD1923-9682-4250-8F19-EC4F3554FC23}" = protocol=6 | dir=in | app=c:\users\mock\appdata\local\akamai\netsession_win.exe | 
"{B374CD70-FFAC-4E0D-BB8F-E4D861EC8F8B}" = protocol=17 | dir=in | app=c:\users\mock\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B7D64ED8-AECC-45A8-9D01-52FFB7FF2F62}" = protocol=17 | dir=in | app=c:\users\mock\appdata\local\akamai\netsession_win.exe | 
"{D963AE34-AFB9-4F72-9F11-0030901D5BCE}" = protocol=6 | dir=in | app=c:\users\mock\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F74BDF39-B1CE-4A8D-8BF0-2817D2679DBC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F9C46D92-3DAE-4EDA-A1D2-C7EAD7068F51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{5CF4B9ED-F6AF-4C94-BF79-153162F52E9E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{F6C3F5F0-8D73-44F1-8CC6-D7DBAF8ADF3A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3F16CD0B-DD34-446A-AF99-F9ABE8D5B570}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E8048E09-19A4-4E3C-95AD-33B4F0330CDB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.3.0 Standard
"Adobe Acrobat  8 Standard - English, Français, Deutsch_830" = Adobe Acrobat 8.3.0 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"ASUS Skin" = ASUS Skin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"bxmig" = Favorit
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dt icon module" = 
"Eraser" = Eraser
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"gtfirstboot Setting Request" = 
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"LucasArts' TIE Fighter" = LucasArts' TIE Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MFU Module" = 
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.93
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Scanner" = USB Scanner
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VLC media player" = VLC media player 1.1.7
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2011 08:05:03 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 29.11.2011 08:07:26 | Computer Name = Mock | Source = Windows Search Service | ID = 3040
Description = 
 
Error - 29.11.2011 08:09:30 | Computer Name = Mock | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 29.11.2011 08:12:22 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 29.11.2011 08:29:25 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 30.11.2011 06:17:36 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2011 06:26:37 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2011 17:35:56 | Computer Name = Mock | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1300  Anfangszeit: 01ccafa7f1933750  Zeitpunkt der Beendigung:
 16
 
Error - 01.12.2011 02:42:35 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2011 03:51:56 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.11.2011 21:55:13 | Computer Name = Mock | Source = DCOM | ID = 10010
Description = 
 
Error - 30.11.2011 21:55:24 | Computer Name = Mock | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 01.12.2011 02:42:01 | Computer Name = Mock | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root
 Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde
 ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.12.2011 02:42:36 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 02:42:36 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 02:42:52 | Computer Name = Mock | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.12.2011 03:51:18 | Computer Name = Mock | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root
 Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde
 ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
and OTL.txt:

OTL logfile:
Code:
OTL logfile created on: 01.12.2011 08:57:00 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mock\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,19% Memory free
6,07 Gb Paging File | 4,65 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,48 Gb Total Space | 39,93 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
 
Computer Name: MOCK | User Name: Mock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mock\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) --  File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PCToolsFirewallPlus) -- C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (pctNDIS) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\Windows\System32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (ZYXEL750) -- C:\Windows\System32\drivers\WLANUTG.SYS (Texas Instruments)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (VNUSB) -- C:\Windows\System32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "en.wikipedia.org/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.06.20 22:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\PROGRAM FILES\Mozilla Firefox\components [2010.05.31 12:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\PROGRAM FILES\Mozilla Firefox\plugins [2011.06.21 08:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 19:37:58 | 000,000,000 | ---D | M]
 
[2010.11.26 21:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Extensions
[2010.11.26 21:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.30 11:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions
[2010.08.07 11:42:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 22:27:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.29 13:29:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.04.12 19:41:15 | 000,002,059 | ---- | M] () -- C:\Users\Mock\AppData\Roaming\Mozilla\Firefox\Profiles\0ad0zd7d.default\searchplugins\daemon-search.xml
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.13 00:29:35 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Programme\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.06.05 09:12:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 12:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 14:35:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 15:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.21 09:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.06.05 09:12:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 12:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 14:35:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 15:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.21 09:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.11.27 05:56:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.11.27 05:56:37 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.11.27 05:56:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2008.11.27 05:56:37 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2008.11.27 05:56:37 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.25 17:04:34 | 000,000,762 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mock\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\Mock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52965E3B-500A-4AE9-B258-7897E0E4ED09}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Mock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell - "" = AutoRun
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell - "" = AutoRun
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.30 22:35:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mock\Desktop\OTL.exe
[2011.11.30 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\cmd
[2011.11.30 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\computerspiele entwickler werden - fragezeichen
[2011.11.29 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.11.29 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011.11.29 12:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.11.29 12:57:17 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Mock\Desktop\revosetup193.exe
[2011.11.29 12:49:51 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.29 12:49:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.29 12:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.29 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\TuneUp Software
[2011.11.29 12:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.11.29 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.29 12:46:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.29 12:45:12 | 026,489,760 | ---- | C] (TuneUp Software) -- C:\Users\Mock\Desktop\TuneUpUtilities2012_de-DE.exe
[2011.11.29 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Local\PackageAware
[2011.11.27 21:28:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.11.26 18:59:48 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.26 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Malwarebytes
[2011.11.26 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.26 18:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.26 18:58:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.26 18:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.26 18:51:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mock\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.24 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Avira
[2011.11.24 12:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.24 12:05:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.24 12:05:35 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.24 12:05:35 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.24 12:05:35 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.24 12:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.24 12:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.17 10:34:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.11.17 10:34:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.11.17 10:34:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.11.11 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\League_of_Extraordinary_Gentlemen_V2
[2011.11.11 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\The_League_of_Extraordinary_Gentlemen_Vol_3_-__Century_1910
[2011.11.11 14:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\The_League_of_Extraordinary_Gentlemen__-_The_Black_Dossier
[2011.11.11 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Local\Akamai
[2011.11.03 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\Mock\dwhelper
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.01 08:56:35 | 000,040,993 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.01 08:56:35 | 000,040,993 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.01 08:56:21 | 000,732,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.01 08:56:21 | 000,681,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.01 08:56:21 | 000,170,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.01 08:56:21 | 000,138,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.01 08:51:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 08:51:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 08:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.01 07:47:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.30 22:35:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mock\Desktop\OTL.exe
[2011.11.29 23:32:53 | 000,000,227 | ---- | M] () -- C:\Users\Mock\Desktop\good bad worse.rtf
[2011.11.29 19:02:47 | 004,031,101 | ---- | M] () -- C:\Users\Mock\Desktop\System der politischen Oekonomie.pdf
[2011.11.29 19:01:32 | 000,052,836 | ---- | M] () -- C:\Users\Mock\Desktop\Georg_Franck_Wien.pdf
[2011.11.29 13:09:26 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011.11.29 12:57:23 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Mock\Desktop\revosetup193.exe
[2011.11.29 12:45:50 | 026,489,760 | ---- | M] (TuneUp Software) -- C:\Users\Mock\Desktop\TuneUpUtilities2012_de-DE.exe
[2011.11.28 16:12:12 | 000,000,853 | ---- | M] () -- C:\Users\Mock\Desktop\berliner staatsbib - werbung.rtf
[2011.11.27 13:34:41 | 000,003,805 | ---- | M] () -- C:\Users\Mock\Desktop\werner herzog.rtf
[2011.11.26 18:59:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.26 18:51:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mock\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.24 11:05:25 | 084,419,032 | ---- | M] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2011.11.22 18:55:54 | 000,401,796 | ---- | M] () -- C:\Users\Mock\Desktop\Kreatives_Schreiben_M_Falkenberg.pdf
[2011.11.21 15:42:57 | 000,128,915 | ---- | M] () -- C:\Users\Mock\Desktop\das kapital - neu lesen.pdf
[2011.11.21 15:36:11 | 000,004,446 | ---- | M] () -- C:\Users\Mock\Desktop\kapital.rtf
[2011.11.18 14:13:54 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.18 14:13:54 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.13 11:11:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.07 23:41:35 | 000,002,735 | ---- | M] () -- C:\Users\Mock\Desktop\versprechen - krimi.rtf
[2011.11.06 14:43:37 | 000,648,692 | ---- | M] () -- C:\Users\Mock\Desktop\IJN_carrier_Amagi_capsized_off_Kure_in_1946.jpg
[2011.11.05 13:47:52 | 000,023,522 | ---- | M] () -- C:\Users\Mock\Desktop\alan moore - behind the painted smile.rtf
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.29 23:32:52 | 000,000,227 | ---- | C] () -- C:\Users\Mock\Desktop\good bad worse.rtf
[2011.11.29 19:02:47 | 004,031,101 | ---- | C] () -- C:\Users\Mock\Desktop\System der politischen Oekonomie.pdf
[2011.11.29 19:00:14 | 000,052,836 | ---- | C] () -- C:\Users\Mock\Desktop\Georg_Franck_Wien.pdf
[2011.11.29 13:06:38 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011.11.29 12:49:41 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.28 16:12:12 | 000,000,853 | ---- | C] () -- C:\Users\Mock\Desktop\berliner staatsbib - werbung.rtf
[2011.11.27 13:01:01 | 000,003,805 | ---- | C] () -- C:\Users\Mock\Desktop\werner herzog.rtf
[2011.11.24 11:02:56 | 084,419,032 | ---- | C] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2011.11.22 18:47:24 | 000,401,796 | ---- | C] () -- C:\Users\Mock\Desktop\Kreatives_Schreiben_M_Falkenberg.pdf
[2011.11.21 15:42:57 | 000,128,915 | ---- | C] () -- C:\Users\Mock\Desktop\das kapital - neu lesen.pdf
[2011.11.21 15:33:51 | 000,004,446 | ---- | C] () -- C:\Users\Mock\Desktop\kapital.rtf
[2011.11.07 23:40:06 | 000,002,735 | ---- | C] () -- C:\Users\Mock\Desktop\versprechen - krimi.rtf
[2011.11.06 14:43:37 | 000,648,692 | ---- | C] () -- C:\Users\Mock\Desktop\IJN_carrier_Amagi_capsized_off_Kure_in_1946.jpg
[2011.11.05 13:47:52 | 000,023,522 | ---- | C] () -- C:\Users\Mock\Desktop\alan moore - behind the painted smile.rtf
[2011.05.02 20:37:40 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.01.24 16:05:30 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.01.24 16:04:47 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.01.02 02:38:12 | 000,000,268 | RH-- | C] () -- C:\Users\Mock\AppData\Roaming\manual
[2011.01.02 02:38:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2011.01.02 02:38:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.01.02 02:35:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2011.01.02 02:35:39 | 000,000,268 | RH-- | C] () -- C:\Users\Mock\AppData\Roaming\laserjet
[2011.01.02 02:35:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.09.25 23:11:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.09.08 15:44:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.16 15:59:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.03.16 15:59:24 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.01.09 23:37:57 | 000,267,031 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_nav.dat
[2010.01.09 23:37:57 | 000,003,497 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub.dat
[2010.01.09 23:37:57 | 000,003,084 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_navps.dat
[2009.12.16 20:13:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.10.20 21:17:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 21:17:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 21:17:00 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.01 11:12:34 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2009.10.01 00:41:21 | 000,000,090 | ---- | C] () -- C:\Users\Mock\AppData\Local\yseqcc.bat
[2009.06.21 23:55:50 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.24 19:38:15 | 000,000,532 | ---- | C] () -- C:\Users\Mock\AppData\Roaming\wklnhst.dat
[2009.03.07 00:20:56 | 000,000,092 | ---- | C] () -- C:\Users\Mock\AppData\Local\fusioncache.dat
[2009.01.30 18:41:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.25 22:53:36 | 000,000,162 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.13 02:04:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.13 01:01:47 | 000,051,712 | ---- | C] () -- C:\Users\Mock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 11:32:08 | 000,000,680 | ---- | C] () -- C:\Users\Mock\AppData\Local\d3d9caps.dat
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.05 08:02:20 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.08.05 07:49:27 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.09 09:29:34 | 000,040,993 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.09 09:29:34 | 000,040,993 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.09 08:42:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 01:07:22 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.06.25 01:07:02 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.06.25 01:06:56 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.01.21 09:31:48 | 000,732,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:31:48 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:31:48 | 000,170,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:31:48 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.30 09:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.04.16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 002,509,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,681,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.17 09:14:00 | 000,097,388 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2000.08.29 08:40:10 | 000,006,137 | ---- | C] () -- C:\Windows\System32\E1.ini
[2000.08.02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\Users\Mock\Desktop\Immatrikulationsbescheinigung.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
--- --- ---

Edited by martin2und3 (01.12.2011 at 09:16)

01.12.2011, 09:44   #4
Chris4You

Hi,

We're not running unlicensed software by any chance, are we?
O1 - Hosts: 127.0.0.1 activate.adobe.com

Please post the contents (do not execute) of the following file:
C:\Users\Mock\AppData\Local\yseqcc.bat


Have the files checked online:
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Windows\RunUnDrv.exe

  • Now upload each/all of the files one after another and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: also copy the size information and the HASH!

Remnants of an old infection are also still on there...
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell - "" = AutoRun
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell - "" = AutoRun
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
[2010.01.09 23:37:57 | 000,267,031 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_nav.dat
[2010.01.09 23:37:57 | 000,003,497 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub.dat
[2010.01.09 23:37:57 | 000,003,084 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_navps.dat
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
         
  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris
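As an added example (not code from this thread or from OTL), the kind of first-pass triage the reply above does by hand, run over a few of the OTL lines posted in this thread: a Python parser for the "Files - Created" and "Alternate Data Streams" entries that flags hidden/system attributes, executables in user-writable locations and alternate data streams other than Zone.Identifier. The attribute flag letters, the directory and extension lists and the Zone.Identifier sample line are assumptions of the example.

```python
import re
from dataclasses import dataclass

# OTL "Files - Created" entry: [date time | size | attrs | C] () -- path
# (attrs assumed to carry R=read-only, H=hidden, S=system flags; sizes are
# zero-padded, comma-grouped digits such as 000,000,090).
FILE_RE = re.compile(r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| "
                     r"(?P<attrs>[A-Z-]{4}) \| [CM]\] \(\) -- (?P<path>.+?)\s*$")
# OTL "Alternate Data Streams" entry: @Alternate Data Stream - N bytes -> file:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
                    r"(?P<path>.+):(?P<stream>[^:\\]+?)\s*$")

# Heuristics (assumptions of this example, not OTL rules): droppers and persistence
# favour user-writable directories, hidden/system attributes and data stashed in ADS.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\desktop\\", "\\temp\\")
EXECUTABLE_EXT = (".exe", ".bat", ".cmd", ".vbs", ".js", ".scr", ".dll")
BENIGN_STREAMS = {"Zone.Identifier"}  # mark-of-the-web stream written by browsers

@dataclass
class Finding:
    path: str
    size: int
    reasons: tuple

def triage(log_text):
    """Return the OTL log entries worth a closer look, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            path, attrs, lower = m.group("path"), m.group("attrs"), m.group("path").lower()
            reasons = []
            if "H" in attrs or "S" in attrs:
                reasons.append("hidden/system attribute")
            if lower.endswith(EXECUTABLE_EXT) and any(d in lower for d in USER_WRITABLE):
                reasons.append("executable in user-writable location")
            if reasons:
                findings.append(Finding(path, int(m.group("size").replace(",", "")), tuple(reasons)))
            continue
        m = ADS_RE.match(line.strip())
        if m and m.group("stream") not in BENIGN_STREAMS:
            findings.append(Finding(f"{m.group('path')}:{m.group('stream')}", int(m.group("size")),
                                    ("non-standard alternate data stream",)))
    return findings

# Sample lines taken from the log posted in this thread; the Zone.Identifier line is
# constructed to show a stream that must not be flagged.
SAMPLE_LOG = r"""
[2011.11.24 11:02:56 | 084,419,032 | ---- | C] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2011.01.02 02:38:12 | 000,000,268 | RH-- | C] () -- C:\Users\Mock\AppData\Roaming\manual
[2011.01.02 02:38:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009.10.01 00:41:21 | 000,000,090 | ---- | C] () -- C:\Users\Mock\AppData\Local\yseqcc.bat
[2000.08.02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 26 bytes -> C:\Users\Mock\Downloads\setup.exe:Zone.Identifier
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.size:>10} bytes  {f.path}  <- {', '.join(f.reasons)}")
```

The Avira installer on the Desktop shows that the heuristics produce a list for a human to review, not a verdict; a file the rules cannot judge, like RunUnDrv.exe under C:\Windows, is what the hash check on VirusTotal is for.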

01.12.2011, 10:02   #5
martin2und3

okay, here first the VT result for RunUnDrv.exe



File name: RunUnDrv.exe
Submission date: 2011-12-01 08:41:49 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)

Antivirus Version Last Update Result
AhnLab-V3 2011.11.30.00 2011.11.30 -
AntiVir 7.11.18.142 2011.12.01 -
Antiy-AVL 2.0.3.7 2011.12.01 -
Avast 6.0.1289.0 2011.11.30 -
AVG 10.0.0.1190 2011.11.30 -
BitDefender 7.2 2011.12.01 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.01 -
ClamAV 0.97.3.0 2011.12.01 -
Commtouch 5.3.2.6 2011.12.01 -
Comodo 10797 2011.12.01 -
DrWeb 5.0.2.03300 2011.12.01 -
Emsisoft 5.1.0.11 2011.12.01 -
eSafe 7.0.17.0 2011.11.30 Win32.Malware
eTrust-Vet 37.0.9596 2011.11.30 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.01 -
Fortinet 4.3.388.0 2011.12.01 -
GData 22.292/22.543 2011.12.01 -
Ikarus T3.1.1.109.0 2011.12.01 -
Jiangmin 13.0.900 2011.11.30 -
K7AntiVirus 9.119.5570 2011.11.30 -
Kaspersky 9.0.0.837 2011.12.01 -
McAfee 5.400.0.1158 2011.12.01 -
McAfee-GW-Edition 2010.1D 2011.12.01 -
Microsoft 1.7903 2011.12.01 -
NOD32 6668 2011.11.29 -
Norman 6.07.13 2011.11.30 -
nProtect 2011-12-01.01 2011.12.01 -
Panda 10.0.3.5 2011.11.30 -
PCTools 8.0.0.5 2011.12.01 -
Prevx 3.0 2011.12.01 -
Rising 23.86.03.01 2011.12.01 -
Sophos 4.71.0 2011.12.01 -
SUPERAntiSpyware 4.40.0.1006 2011.12.01 -
Symantec 20111.2.0.82 2011.12.01 -
TheHacker 6.7.0.1.352 2011.11.30 -
TrendMicro 9.500.0.1008 2011.12.01 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.01 -
VBA32 3.12.16.4 2011.12.01 -
VIPRE 11186 2011.12.01 -
ViRobot 2011.12.1.4802 2011.12.01 -
VirusBuster 14.1.93.0 2011.11.30 -
Additional information:
MD5 : 36ed1e6cf0e94ff49c5dc8fcffedc7ea
SHA1 : 1eec6ed7292db8c8c9e1cf766b8f87c2fbfdab4b
SHA256: e84f8c7be8db133ebb7b063b14d6d7278daa5af4f6962e35806f5f7820e3b8ba
ssdeep: 384:8Zoc4n9T+TJKoDlU36dobGsudZ7R+4HvTZe3mgMz:8Zoc8+hKd7QPHvA3mg
File size : 26112 bytes
First seen: 2009-01-31 15:57:17
Last seen : 2011-12-01 08:41:49
TrID:
Win32 Executable MS Visual C++ (generic) (63.0%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: InstallShield 2000
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x18C0
timedatestamp....: 0x39881859 (Wed Aug 02 12:47:21 2000)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2F36, 0x3000, 6.38, c7585e40ff94551847bf9a5642e559ac
.rdata, 0x4000, 0x866, 0xA00, 4.68, 4995e5f32a7868a0e6ce1d7552ce9985
.data, 0x5000, 0x2C18, 0x2800, 0.80, 9691b26a510b127e9baf2d702d2aedcb

[[ 2 import(s) ]]
KERNEL32.dll: GetACP, DeleteFileA, CopyFileA, GetTempFileNameA, GetTempPathA, FreeLibrary, SetErrorMode, GetProcAddress, LoadLibraryA, MultiByteToWideChar, FreeEnvironmentStringsA, VirtualAlloc, HeapAlloc, GetLastError, GetFileAttributesA, ExitProcess, TerminateProcess, GetCurrentProcess, SetFileAttributesA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, GetCPInfo, GetPrivateProfileStringA, GetOEMCP, UnhandledExceptionFilter, GetModuleFileNameA, GetStringTypeW, HeapFree, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, LCMapStringA, LCMapStringW, GetStringTypeA
USER32.dll: GetTopWindow, MessageBoxA, wsprintfA
ExifTool:
file metadata
CodeSize: 12288
EntryPoint: 0x18c0
FileSize: 26 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 14336
LinkerVersion: 5.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2000:08:02 14:47:21+02:00
UninitializedDataSize: 0






I'm not quite sure right now how to post the contents of yseqcc.bat without accidentally executing it.. does that work somehow with "Open with", or how do I do that? Or can I just open it with a double-click?


01.12.2011, 10:11   #6
martin2und3

and here the OTL result as well


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
File E:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
File G:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
File G:\Directx\dxsetup.exe not found.
C:\Users\Mock\AppData\Local\khlptqub_nav.dat moved successfully.
C:\Users\Mock\AppData\Local\khlptqub.dat moved successfully.
C:\Users\Mock\AppData\Local\khlptqub_navps.dat moved successfully.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 16498 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41818 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mock
->Temp folder emptied: 96621174 bytes
->Temporary Internet Files folder emptied: 9484700 bytes
->Java cache emptied: 10974745 bytes
->FireFox cache emptied: 97057368 bytes
->Flash cache emptied: 427749 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12040444 bytes
RecycleBin emptied: 871425696 bytes

Total Files Cleaned = 1.048,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mock
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12012011_100250

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
