falsche Weiterleitung bei Google-Suchergebnissen

Kreuzmaler · 02.12.2012, 22:52

Hallo,

ich habe vermutlich auch das Problem mit einem Trojaner: beim Anklicken von Suchergebnissen werden nicht die gewünschte Seite aufgerufen. Im Internet hab ich mich schon belesen, auch antimalware durchlaufen lassen, aber dabei ist nix rausgekommen. Deswegen wende ich mich jetzt an euch. Vielleicht könnt ihr mir weiterhelfen, was fantastisch wäre.

Hijack hatte ich bereits ausprobiert, doch leider fehlt mir das Können, damit umzugehen bzw. Fehler rauszufinden. Aber OTL und GMER hab ich schon mal entsprechend der Einsteigerhinweise durchgeführt. Hoffentlich richtig

Extras

OTL Extras logfile created on: 28.11.2012 18:56:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Diverses
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,42 Mb Total Physical Memory | 596,70 Mb Available Physical Memory | 58,82% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 27,87 Gb Free Space | 59,86% Space Free | Partition Type: NTFS
Drive D: | 27,96 Gb Total Space | 13,74 Gb Free Space | 49,13% Space Free | Partition Type: NTFS

Computer Name: PETER | User Name: Hanspeter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Programme\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\DownloadManager\jre\bin\javaw.exe" = C:\Programme\DownloadManager\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Opera 12.11.1661" = Opera 12.11
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ShockwaveFlash" = Macromedia Flash Player 8
"Skype_is1" = Skype 2.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.10.2012 11:05:46 | Computer Name = PETER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2838, Fehleradresse 0x00072016.

Error - 06.11.2012 12:05:22 | Computer Name = PETER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung k-pacs-lite.exe, Version 0.0.0.0, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

< End of report >

GERM
GMER 1.0.15.15641 - h**p://www.gmer.net
Rootkit scan 2012-12-02 19:20:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541080G9AT00 rev.MB4OA60A
Running: ge3fleb6.exe; Driver: C:\DOKUME~1\Hanspeter\LOKALE~1\Temp\pgldapow.sys

---- System - GMER 1.0.15 ----

SSDT F7BA0DC4 ZwClose
SSDT F7BA0D7E ZwCreateKey
SSDT F7BA0DCE ZwCreateSection
SSDT F7BA0D74 ZwCreateThread
SSDT F7BA0D83 ZwDeleteKey
SSDT F7BA0D8D ZwDeleteValueKey
SSDT F7BA0DBF ZwDuplicateObject
SSDT F7BA0D92 ZwLoadKey
SSDT F7BA0D60 ZwOpenProcess
SSDT F7BA0D65 ZwOpenThread
SSDT F7BA0DE7 ZwQueryValueKey
SSDT F7BA0D9C ZwReplaceKey
SSDT F7BA0DD8 ZwRequestWaitReplyPort
SSDT F7BA0D97 ZwRestoreKey
SSDT F7BA0DD3 ZwSetContextThread
SSDT F7BA0DDD ZwSetSecurityObject
SSDT F7BA0D88 ZwSetValueKey
SSDT F7BA0DE2 ZwSystemDebugControl
SSDT F7BA0D6F ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Opera\opera.exe[932] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 018BED8F
.text C:\Programme\Opera\opera.exe[932] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 018C031F
.text C:\Programme\Opera\opera.exe[932] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 018C015D
.text C:\Programme\Opera\opera.exe[932] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 018BFDD3
.text C:\Programme\Opera\opera.exe[932] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 018C0082
.text C:\Programme\Opera\opera.exe[932] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 018C0238
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!TextOutW 77EF7EAC 5 Bytes JMP 018BFFB6
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!ExtTextOutW 77EF8086 5 Bytes JMP 018C04EA
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!TextOutA 77EFBA4F 5 Bytes JMP 018BFEEA
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!ExtTextOutA 77EFD3FA 5 Bytes JMP 018C0406
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!GetGlyphIndicesA 77F1DFE3 5 Bytes JMP 018C08AA
.text C:\Programme\Opera\opera.exe[932] GDI32.dll!GetGlyphIndicesW 77F32604 5 Bytes JMP 018C0977
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 018BE8FB
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 018BFD2C
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!send 71A14C27 5 Bytes JMP 018BF8A1
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 018BFAC8
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 018BE83A
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!recv 71A1676F 5 Bytes JMP 018BF946
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 018BF9F4
.text C:\Programme\Opera\opera.exe[932] WS2_32.dll!WSAAsyncGetHostByName 71A1E99D 5 Bytes JMP 018BECB0
.text C:\Programme\Opera\opera.exe[932] WININET.dll!InternetCrackUrlW 408B40C0 5 Bytes JMP 018C0D86
.text C:\Programme\Opera\opera.exe[932] WININET.dll!InternetCrackUrlA 408D4938 5 Bytes JMP 018C0C3D

---- EOF - GMER 1.0.15 ----

OTL
OTL logfile created on: 28.11.2012 18:56:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Diverses
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,42 Mb Total Physical Memory | 596,70 Mb Available Physical Memory | 58,82% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 27,87 Gb Free Space | 59,86% Space Free | Partition Type: NTFS
Drive D: | 27,96 Gb Total Space | 13,74 Gb Free Space | 49,13% Space Free | Partition Type: NTFS

Computer Name: PETER | User Name: Hanspeter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.28 18:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Diverses\OTL.exe
PRC - [2012.11.26 18:37:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 18:37:42 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 18:37:42 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.17 10:36:08 | 001,015,912 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2012.01.13 09:53:48 | 000,939,624 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe
PRC - [2010.05.12 17:33:35 | 002,627,384 | R--- | M] (HP) -- C:\Programme\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE
PRC - [2008.09.16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.11.28 13:38:34 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005.10.19 22:07:34 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005.05.20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004.07.06 14:15:38 | 000,040,960 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2004.02.20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2003.11.07 09:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2003.02.26 03:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2002.03.14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.12 17:33:35 | 000,126,264 | R--- | M] () -- C:\WINDOWS\system32\HPCP1020LM.dll
MOD - [2007.04.02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005.05.20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\VAIO Event Service\VESBasePS.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.26 18:37:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 18:37:42 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.19 08:00:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.13 09:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2008.09.16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2006.01.16 09:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.01.06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005.12.21 09:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005.11.28 13:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.11.28 13:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.28 13:38:34 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005.11.25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.11.24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.11.24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005.10.11 11:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2005.10.11 11:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005.07.14 18:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.05.20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.11.13 14:58:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 14:58:05 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 14:58:05 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.12 17:33:35 | 000,020,792 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM)
DRV - [2006.02.20 22:12:00 | 000,077,824 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2006.01.17 17:32:44 | 003,325,312 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005.11.07 05:58:30 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.10.18 08:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 08:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 08:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.09.21 10:22:42 | 000,468,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2005.06.29 06:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004.07.06 14:07:06 | 000,045,627 | R--- | M] (Utimaco Safeware AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\privatediskm.sys -- (PrivateDisk)
DRV - [2003.09.29 05:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 11:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKCU\..\SearchScopes,DefaultScope = {62E128CA-C601-4238-8473-5B550B0A5348}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{62E128CA-C601-4238-8473-5B550B0A5348}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google AFE\GoogleAFE.dll (Google)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HP CP1020 System Tray] C:\Programme\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE (HP)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350313290244 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.23 12:14:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.27 22:14:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Malwarebytes
[2012.11.27 22:14:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.27 22:14:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.27 22:14:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.27 22:14:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.27 22:03:16 | 000,000,000 | ---D | C] -- C:\Programme\DownloadManager
[2012.11.27 21:52:22 | 000,000,000 | ---D | C] -- C:\Programme\Hijack This
[2012.11.26 19:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.11.10 19:29:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\2012-11-10
[2012.11.02 19:21:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\Mueckel
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.28 18:54:21 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\defogger_reenable
[2012.11.28 18:47:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.28 18:02:58 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GKGHWHWMK.job
[2012.11.28 18:02:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.28 18:02:55 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 23:15:39 | 000,049,719 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\av-lachen-ist-medizin_web.jpg
[2012.11.25 23:03:50 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\mssign32H.dll
[2012.11.21 11:21:49 | 000,001,750 | -H-- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Default.rdp
[2012.11.20 09:30:22 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.20 08:53:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.20 08:51:58 | 000,482,032 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.20 08:51:58 | 000,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.20 08:51:58 | 000,094,862 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.20 08:51:58 | 000,078,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.13 14:58:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.11.13 14:58:05 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.11.13 14:58:05 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.11.11 09:01:02 | 003,425,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\Urban_Gardening1.mobi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.28 18:54:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\defogger_reenable
[2012.11.25 23:03:50 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\mssign32H.dll
[2012.11.25 23:03:50 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\GKGHWHWMK.job
[2012.11.11 09:01:00 | 003,425,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\Urban_Gardening1.mobi
[2012.11.04 21:19:57 | 000,049,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\av-lachen-ist-medizin_web.jpg
[2012.10.28 13:41:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.10.22 22:14:32 | 000,169,480 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.10.22 21:56:50 | 000,126,264 | R--- | C] () -- C:\WINDOWS\System32\HPCP1020LM.dll
[2012.10.19 07:27:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.10.15 16:28:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.10.15 16:25:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.10.15 16:16:25 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2006.02.23 12:32:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.28 13:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012.11.28 18:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Canon
[2012.11.15 11:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\EndNote
[2012.10.15 16:07:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Opera
[2012.10.19 07:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\sony

========== Purity Check ==========

< End of report >

Bin dankbar für jeden Hinweis!

markusg · 03.12.2012, 00:19

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
[2012.11.25 23:03:50 | 000,131,072 | RHS- | M] () -- C:\WINDOWS\System32\mssign32H.dll
[2012.11.25 23:03:50 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\GKGHWHWMK.job
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.

Kreuzmaler · 03.12.2012, 18:02

Hallo Markus,

also hab OTL ausgeführt wie du es beschrieben hast. Das Textdokument lautet wie folgt:
All processes killed
========== OTL ==========
File move failed. C:\WINDOWS\system32\mssign32H.dll scheduled to be moved on reboot.
C:\WINDOWS\tasks\GKGHWHWMK.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Micha
->Flash cache emptied: 15015 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37133 bytes

User: Micha
->Temp folder emptied: 140289917 bytes
->Temporary Internet Files folder emptied: 183981737 bytes
->Opera cache emptied: 55189354 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5879289 bytes
RecycleBin emptied: 3664515323 bytes

Total Files Cleaned = 3.862,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12032012_173239

Files\Folders moved on Reboot...
C:\WINDOWS\system32\mssign32H.dll moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a8.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Bezüglich deiner Frage, kann ich mich nicht an irgendeine Installation erinnern oder dergleichen...ganz ausschließen kann ich's aber auch nicht.
Der Upload hat geklappt und bei der summary-info.txt stand:

System volume information: dwHighDateTime = 0x1cdaae7,dwLowDateTime = 0x135ad6a0
System32: dwHighDateTime = 0x1c63870,dwLowDateTime = 0xed28412e
dwSerialNumber = 0x54a58ef0

Danke schonmal für deine Hilfe! Grüße

markusg · 03.12.2012, 18:29

danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Kreuzmaler · 03.12.2012, 21:27

...beim TDSSKiller ist Folgendes beim Report rausgekommen:

21:19:05.0562 2468 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:05.0750 2468 ============================================================
21:19:05.0750 2468 Current date / time: 2012/12/03 21:19:05.0750
21:19:05.0750 2468 SystemInfo:
21:19:05.0750 2468
21:19:05.0750 2468 OS Version: 5.1.2600 ServicePack: 3.0
21:19:05.0750 2468 Product type: Workstation
21:19:05.0750 2468 ComputerName: PETER
21:19:05.0750 2468 UserName: Micha
21:19:05.0750 2468 Windows directory: C:\WINDOWS
21:19:05.0750 2468 System windows directory: C:\WINDOWS
21:19:05.0750 2468 Processor architecture: Intel x86
21:19:05.0750 2468 Number of processors: 1
21:19:05.0750 2468 Page size: 0x1000
21:19:05.0750 2468 Boot type: Normal boot
21:19:05.0750 2468 ============================================================
21:19:07.0750 2468 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:19:07.0765 2468 ============================================================
21:19:07.0765 2468 \Device\Harddisk0\DR0:
21:19:07.0781 2468 MBR partitions:
21:19:07.0781 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5D228C0
21:19:07.0796 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5D2293E, BlocksNum 0x37EBB83
21:19:07.0796 2468 ============================================================
21:19:07.0828 2468 C: <-> \Device\Harddisk0\DR0\Partition1
21:19:07.0859 2468 D: <-> \Device\Harddisk0\DR0\Partition2
21:19:07.0859 2468 ============================================================
21:19:07.0859 2468 Initialize success
21:19:07.0859 2468 ============================================================
21:19:41.0296 3408 ============================================================
21:19:41.0312 3408 Scan started
21:19:41.0312 3408 Mode: Manual; SigCheck; TDLFS;
21:19:41.0312 3408 ============================================================
21:19:42.0031 3408 ================ Scan system memory ========================
21:19:42.0031 3408 System memory - ok
21:19:42.0031 3408 ================ Scan services =============================
21:19:42.0093 3408 Abiosdsk - ok
21:19:42.0109 3408 abp480n5 - ok
21:19:42.0156 3408 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:19:44.0343 3408 ACPI - ok
21:19:44.0390 3408 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:19:44.0562 3408 ACPIEC - ok
21:19:44.0671 3408 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
21:19:44.0734 3408 AdobeActiveFileMonitor7.0 - ok
21:19:44.0750 3408 adpu160m - ok
21:19:44.0781 3408 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:19:44.0968 3408 aec - ok
21:19:45.0015 3408 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:19:45.0062 3408 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:19:45.0062 3408 AegisP - detected UnsignedFile.Multi.Generic (1)
21:19:45.0109 3408 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:19:45.0187 3408 AFD - ok
21:19:45.0203 3408 Aha154x - ok
21:19:45.0203 3408 aic78u2 - ok
21:19:45.0218 3408 aic78xx - ok
21:19:45.0281 3408 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:19:45.0437 3408 Alerter - ok
21:19:45.0453 3408 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:19:45.0578 3408 ALG - ok
21:19:45.0593 3408 AliIde - ok
21:19:45.0593 3408 amsint - ok
21:19:45.0671 3408 [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
21:19:45.0750 3408 AntiVirSchedulerService - ok
21:19:45.0765 3408 [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:19:45.0843 3408 AntiVirService - ok
21:19:45.0859 3408 [ D3DA11B88AB29076B78FF79F35F0586B ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:19:45.0953 3408 ApfiltrService - ok
21:19:45.0968 3408 AppMgmt - ok
21:19:45.0984 3408 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:19:46.0140 3408 Arp1394 - ok
21:19:46.0156 3408 asc - ok
21:19:46.0156 3408 asc3350p - ok
21:19:46.0171 3408 asc3550 - ok
21:19:46.0375 3408 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:19:46.0421 3408 aspnet_state - ok
21:19:46.0468 3408 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:19:46.0656 3408 AsyncMac - ok
21:19:46.0671 3408 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:19:46.0796 3408 atapi - ok
21:19:46.0812 3408 Atdisk - ok
21:19:46.0828 3408 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:19:47.0109 3408 Atmarpc - ok
21:19:47.0156 3408 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:19:47.0312 3408 AudioSrv - ok
21:19:47.0359 3408 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:19:47.0546 3408 audstub - ok
21:19:47.0546 3408 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:19:48.0046 3408 avgntflt - ok
21:19:48.0093 3408 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:19:48.0140 3408 avipbb - ok
21:19:48.0171 3408 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:19:48.0203 3408 avkmgr - ok
21:19:48.0250 3408 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:19:48.0437 3408 Beep - ok
21:19:48.0484 3408 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:19:48.0687 3408 BITS - ok
21:19:48.0703 3408 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
21:19:48.0781 3408 Browser - ok
21:19:48.0812 3408 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:19:48.0984 3408 cbidf2k - ok
21:19:49.0000 3408 cd20xrnt - ok
21:19:49.0046 3408 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:19:49.0203 3408 Cdaudio - ok
21:19:49.0234 3408 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:19:49.0359 3408 Cdfs - ok
21:19:49.0375 3408 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:19:49.0515 3408 Cdrom - ok
21:19:49.0515 3408 Changer - ok
21:19:49.0562 3408 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:19:49.0750 3408 CiSvc - ok
21:19:49.0765 3408 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:19:49.0937 3408 ClipSrv - ok
21:19:50.0046 3408 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:50.0125 3408 clr_optimization_v2.0.50727_32 - ok
21:19:50.0156 3408 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:19:50.0390 3408 CmBatt - ok
21:19:50.0390 3408 CmdIde - ok
21:19:50.0406 3408 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:19:50.0546 3408 Compbatt - ok
21:19:50.0562 3408 COMSysApp - ok
21:19:50.0578 3408 Cpqarray - ok
21:19:50.0609 3408 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:19:50.0781 3408 CryptSvc - ok
21:19:50.0796 3408 dac2w2k - ok
21:19:50.0796 3408 dac960nt - ok
21:19:50.0843 3408 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:19:50.0906 3408 DcomLaunch - ok
21:19:50.0937 3408 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:19:51.0109 3408 Dhcp - ok
21:19:51.0125 3408 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:19:51.0281 3408 Disk - ok
21:19:51.0281 3408 dmadmin - ok
21:19:51.0343 3408 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:19:51.0546 3408 dmboot - ok
21:19:51.0593 3408 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
21:19:51.0750 3408 DMICall - ok
21:19:51.0765 3408 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:19:51.0937 3408 dmio - ok
21:19:51.0968 3408 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:19:52.0125 3408 dmload - ok
21:19:52.0218 3408 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:19:52.0375 3408 dmserver - ok
21:19:52.0421 3408 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:19:52.0609 3408 DMusic - ok
21:19:52.0640 3408 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:19:52.0718 3408 Dnscache - ok
21:19:52.0765 3408 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:19:52.0921 3408 Dot3svc - ok
21:19:52.0921 3408 dpti2o - ok
21:19:53.0000 3408 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:19:53.0140 3408 drmkaud - ok
21:19:53.0203 3408 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:19:53.0281 3408 E100B - ok
21:19:53.0312 3408 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:19:53.0468 3408 EapHost - ok
21:19:53.0500 3408 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:19:53.0656 3408 ERSvc - ok
21:19:53.0687 3408 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:19:53.0750 3408 Eventlog - ok
21:19:53.0796 3408 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
21:19:53.0875 3408 EventSystem - ok
21:19:53.0953 3408 [ 4A2A65B466EF6B4D999AD3CE2BEF827D ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
21:19:54.0015 3408 EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:19:54.0015 3408 EvtEng - detected UnsignedFile.Multi.Generic (1)
21:19:54.0062 3408 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:19:54.0234 3408 Fastfat - ok
21:19:54.0281 3408 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:19:54.0359 3408 FastUserSwitchingCompatibility - ok
21:19:54.0375 3408 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:19:54.0515 3408 Fdc - ok
21:19:54.0593 3408 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:19:54.0750 3408 Fips - ok
21:19:54.0828 3408 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:19:54.0921 3408 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:19:54.0921 3408 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:19:54.0937 3408 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:19:55.0109 3408 Flpydisk - ok
21:19:55.0140 3408 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:19:55.0281 3408 FltMgr - ok
21:19:55.0328 3408 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:55.0390 3408 FontCache3.0.0.0 - ok
21:19:55.0437 3408 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:55.0593 3408 Fs_Rec - ok
21:19:55.0640 3408 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:55.0781 3408 Ftdisk - ok
21:19:55.0812 3408 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:55.0968 3408 Gpc - ok
21:19:55.0984 3408 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:19:56.0109 3408 HDAudBus - ok
21:19:56.0234 3408 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:19:56.0390 3408 helpsvc - ok
21:19:56.0390 3408 HidServ - ok
21:19:56.0421 3408 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:56.0562 3408 HidUsb - ok
21:19:56.0609 3408 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:19:56.0750 3408 hkmsvc - ok
21:19:56.0781 3408 [ AB6804E14CC8F2DB984769C577F02C77 ] HPFXBULKLEDM C:\WINDOWS\system32\drivers\hppcbulkio.sys
21:19:56.0828 3408 HPFXBULKLEDM - ok
21:19:56.0828 3408 hpn - ok
21:19:56.0875 3408 [ ACC46DDA7FECE95A253AE88CEA172E12 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:19:56.0953 3408 HSFHWAZL - ok
21:19:57.0015 3408 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:19:57.0125 3408 HSF_DPV - ok
21:19:57.0187 3408 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:57.0218 3408 HTTP - ok
21:19:57.0234 3408 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:19:57.0390 3408 HTTPFilter - ok
21:19:57.0390 3408 i2omgmt - ok
21:19:57.0406 3408 i2omp - ok
21:19:57.0515 3408 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:57.0687 3408 i8042prt - ok
21:19:57.0765 3408 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:19:57.0953 3408 ialm - ok
21:19:58.0031 3408 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:19:58.0156 3408 idsvc - ok
21:19:58.0265 3408 [ A16DEDF58C40D8236578F0FBB520EA6D ] Image Converter video recording monitor for VAIO Entertainment C:\Programme\Sony\Image Converter 2\IcVzMon.exe
21:19:58.0312 3408 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
21:19:58.0312 3408 Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
21:19:58.0328 3408 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:19:58.0468 3408 Imapi - ok
21:19:58.0500 3408 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:19:58.0640 3408 ImapiService - ok
21:19:58.0640 3408 ini910u - ok
21:19:58.0890 3408 [ 5F2657F8781376892035976CF8122A2D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:19:59.0203 3408 IntcAzAudAddService - ok
21:19:59.0234 3408 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:19:59.0359 3408 IntelIde - ok
21:19:59.0390 3408 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:19:59.0515 3408 intelppm - ok
21:19:59.0531 3408 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:19:59.0718 3408 Ip6Fw - ok
21:19:59.0734 3408 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:19:59.0906 3408 IpFilterDriver - ok
21:19:59.0921 3408 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:00.0078 3408 IpInIp - ok
21:20:00.0109 3408 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:00.0250 3408 IpNat - ok
21:20:00.0265 3408 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:00.0406 3408 IPSec - ok
21:20:00.0437 3408 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:00.0562 3408 IRENUM - ok
21:20:00.0578 3408 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:00.0718 3408 isapnp - ok
21:20:00.0750 3408 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:00.0890 3408 Kbdclass - ok
21:20:00.0921 3408 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:20:01.0093 3408 kmixer - ok
21:20:01.0140 3408 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:01.0187 3408 KSecDD - ok
21:20:01.0234 3408 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:20:01.0296 3408 lanmanserver - ok
21:20:01.0343 3408 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:20:01.0390 3408 lanmanworkstation - ok
21:20:01.0406 3408 lbrtfdc - ok
21:20:01.0468 3408 [ 3D769924A07C00F5BB4B890F3934CD1E ] LEX_AS_NIC_SERVICE_YNOS C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
21:20:01.0562 3408 LEX_AS_NIC_SERVICE_YNOS - ok
21:20:01.0609 3408 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:20:01.0750 3408 LmHosts - ok
21:20:01.0781 3408 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:20:01.0843 3408 mdmxsdk - ok
21:20:01.0875 3408 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:20:02.0031 3408 Messenger - ok
21:20:02.0078 3408 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:02.0250 3408 mnmdd - ok
21:20:02.0281 3408 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:20:02.0437 3408 mnmsrvc - ok
21:20:02.0453 3408 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:20:02.0609 3408 Modem - ok
21:20:02.0656 3408 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:02.0812 3408 Mouclass - ok
21:20:02.0859 3408 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:03.0031 3408 mouhid - ok
21:20:03.0046 3408 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:03.0171 3408 MountMgr - ok
21:20:03.0171 3408 mraid35x - ok
21:20:03.0187 3408 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:03.0312 3408 MRxDAV - ok
21:20:03.0375 3408 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:03.0453 3408 MRxSmb - ok
21:20:03.0578 3408 [ B490BD0678CB6A4890A86020ED106C75 ] MSCSPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
21:20:03.0625 3408 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
21:20:03.0625 3408 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
21:20:03.0671 3408 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:20:03.0828 3408 MSDTC - ok
21:20:03.0843 3408 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:20:03.0968 3408 Msfs - ok
21:20:03.0984 3408 MSIServer - ok
21:20:04.0062 3408 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:04.0203 3408 MSKSSRV - ok
21:20:04.0218 3408 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:04.0375 3408 MSPCLOCK - ok
21:20:04.0484 3408 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:04.0656 3408 MSPQM - ok
21:20:04.0703 3408 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:04.0843 3408 mssmbios - ok
21:20:04.0890 3408 MSSQL$VAIO_VEDB - ok
21:20:04.0937 3408 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
21:20:04.0984 3408 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
21:20:04.0984 3408 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
21:20:05.0031 3408 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:20:05.0062 3408 Mup - ok
21:20:05.0109 3408 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:20:05.0296 3408 napagent - ok
21:20:05.0328 3408 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:20:05.0453 3408 NDIS - ok
21:20:05.0484 3408 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:05.0546 3408 NdisTapi - ok
21:20:05.0593 3408 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:05.0750 3408 Ndisuio - ok
21:20:05.0781 3408 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:06.0000 3408 NdisWan - ok
21:20:06.0031 3408 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:06.0109 3408 NDProxy - ok
21:20:06.0125 3408 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:06.0250 3408 NetBIOS - ok
21:20:06.0296 3408 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:06.0437 3408 NetBT - ok
21:20:06.0484 3408 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:20:06.0656 3408 NetDDE - ok
21:20:06.0671 3408 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:20:06.0781 3408 NetDDEdsdm - ok
21:20:06.0828 3408 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:20:07.0000 3408 Netlogon - ok
21:20:07.0015 3408 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:20:07.0171 3408 Netman - ok
21:20:07.0203 3408 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:07.0265 3408 NetTcpPortSharing - ok
21:20:07.0281 3408 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:20:07.0406 3408 NIC1394 - ok
21:20:07.0437 3408 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:20:07.0453 3408 Nla - ok
21:20:07.0468 3408 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:20:07.0609 3408 Npfs - ok
21:20:07.0656 3408 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:07.0843 3408 Ntfs - ok
21:20:07.0875 3408 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:20:07.0984 3408 NtLmSsp - ok
21:20:08.0046 3408 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:20:08.0218 3408 NtmsSvc - ok
21:20:08.0250 3408 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:20:08.0421 3408 Null - ok
21:20:08.0437 3408 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:08.0609 3408 NwlnkFlt - ok
21:20:08.0640 3408 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:08.0812 3408 NwlnkFwd - ok
21:20:08.0828 3408 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:20:08.0968 3408 ohci1394 - ok
21:20:09.0000 3408 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:20:09.0046 3408 ose - ok
21:20:09.0078 3408 [ DCACC2FC7DC0A3D7A60BEB81FA233822 ] PACSPTISVR C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
21:20:09.0140 3408 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
21:20:09.0140 3408 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
21:20:09.0171 3408 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:20:09.0328 3408 Parport - ok
21:20:09.0328 3408 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:09.0453 3408 PartMgr - ok
21:20:09.0546 3408 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:09.0687 3408 ParVdm - ok
21:20:09.0703 3408 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:09.0828 3408 PCI - ok
21:20:09.0828 3408 PCIDump - ok
21:20:09.0859 3408 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:20:10.0000 3408 PCIIde - ok
21:20:10.0031 3408 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:20:10.0140 3408 Pcmcia - ok
21:20:10.0140 3408 PDCOMP - ok
21:20:10.0156 3408 PDFRAME - ok
21:20:10.0156 3408 PDRELI - ok
21:20:10.0171 3408 PDRFRAME - ok
21:20:10.0171 3408 perc2 - ok
21:20:10.0187 3408 perc2hib - ok
21:20:10.0234 3408 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:20:10.0250 3408 PlugPlay - ok
21:20:10.0265 3408 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:20:10.0375 3408 PolicyAgent - ok
21:20:10.0406 3408 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:10.0578 3408 PptpMiniport - ok
21:20:10.0609 3408 [ D4644A982B8748353FF3805591531F46 ] PrivateDisk C:\WINDOWS\system32\Drivers\PrivateDiskM.sys
21:20:10.0671 3408 PrivateDisk ( UnsignedFile.Multi.Generic ) - warning
21:20:10.0671 3408 PrivateDisk - detected UnsignedFile.Multi.Generic (1)
21:20:10.0671 3408 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:20:10.0781 3408 ProtectedStorage - ok
21:20:10.0796 3408 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:10.0953 3408 PSched - ok
21:20:11.0000 3408 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:11.0156 3408 Ptilink - ok
21:20:11.0234 3408 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:20:11.0250 3408 PxHelp20 - ok
21:20:11.0265 3408 ql1080 - ok
21:20:11.0265 3408 Ql10wnt - ok
21:20:11.0281 3408 ql12160 - ok
21:20:11.0281 3408 ql1240 - ok
21:20:11.0296 3408 ql1280 - ok
21:20:11.0328 3408 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:11.0515 3408 RasAcd - ok
21:20:11.0562 3408 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:20:11.0718 3408 RasAuto - ok
21:20:11.0734 3408 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:11.0890 3408 Rasl2tp - ok
21:20:11.0953 3408 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:20:12.0109 3408 RasMan - ok
21:20:12.0125 3408 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:20:12.0281 3408 RasPppoe - ok
21:20:12.0296 3408 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:20:12.0484 3408 Raspti - ok
21:20:12.0531 3408 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:20:12.0671 3408 Rdbss - ok
21:20:12.0703 3408 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:20:12.0875 3408 RDPCDD - ok
21:20:12.0921 3408 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:20:13.0015 3408 RDPWD - ok
21:20:13.0046 3408 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:20:13.0234 3408 RDSessMgr - ok
21:20:13.0281 3408 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:20:13.0421 3408 redbook - ok
21:20:13.0453 3408 [ 2D14ED3EF8A7506174936D865528EDC7 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
21:20:13.0500 3408 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
21:20:13.0500 3408 RegSrvc - detected UnsignedFile.Multi.Generic (1)
21:20:13.0546 3408 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:20:13.0718 3408 RemoteAccess - ok
21:20:13.0718 3408 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:20:13.0859 3408 RpcLocator - ok
21:20:13.0906 3408 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:20:13.0937 3408 RpcSs - ok
21:20:13.0953 3408 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:20:14.0125 3408 RSVP - ok
21:20:14.0171 3408 [ 1C0284983B44E2714BCEDDF84E1845E9 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
21:20:14.0265 3408 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
21:20:14.0265 3408 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
21:20:14.0281 3408 [ 123F270A7F89C1A826FF8A1AE7DC41E5 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:20:14.0328 3408 s24trans ( UnsignedFile.Multi.Generic ) - warning
21:20:14.0328 3408 s24trans - detected UnsignedFile.Multi.Generic (1)
21:20:14.0359 3408 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:20:14.0468 3408 SamSs - ok
21:20:14.0468 3408 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:20:14.0640 3408 SCardSvr - ok
21:20:14.0703 3408 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:20:14.0937 3408 Schedule - ok
21:20:15.0046 3408 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:20:15.0171 3408 Secdrv - ok
21:20:15.0187 3408 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:20:15.0343 3408 seclogon - ok
21:20:15.0343 3408 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:20:15.0500 3408 SENS - ok
21:20:15.0515 3408 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:20:15.0671 3408 Serial - ok
21:20:15.0734 3408 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:20:15.0875 3408 Sfloppy - ok
21:20:15.0921 3408 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:20:16.0078 3408 SharedAccess - ok
21:20:16.0093 3408 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:20:16.0125 3408 ShellHWDetection - ok
21:20:16.0125 3408 Simbad - ok
21:20:16.0171 3408 [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC C:\WINDOWS\system32\Drivers\SonyNC.sys
21:20:16.0250 3408 SNC - ok
21:20:16.0250 3408 Sparrow - ok
21:20:16.0265 3408 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:20:16.0406 3408 splitter - ok
21:20:16.0453 3408 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:20:16.0531 3408 Spooler - ok
21:20:16.0578 3408 [ 1B7447278005E38E464B34A7E841D628 ] SPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
21:20:16.0625 3408 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
21:20:16.0625 3408 SPTISRV - detected UnsignedFile.Multi.Generic (1)
21:20:16.0640 3408 SQLAgent$VAIO_VEDB - ok
21:20:16.0671 3408 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:20:16.0828 3408 sr - ok
21:20:16.0937 3408 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:20:17.0093 3408 srservice - ok
21:20:17.0140 3408 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:20:17.0171 3408 Srv - ok
21:20:17.0234 3408 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:20:17.0375 3408 SSDPSRV - ok
21:20:17.0421 3408 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:20:17.0468 3408 ssmdrv - ok
21:20:17.0515 3408 [ F05B8D10BD6AD4CBB561E29D5BE2C674 ] SSScsiSV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
21:20:17.0562 3408 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
21:20:17.0562 3408 SSScsiSV - detected UnsignedFile.Multi.Generic (1)
21:20:17.0593 3408 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:20:17.0750 3408 stisvc - ok
21:20:17.0765 3408 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:20:17.0921 3408 swenum - ok
21:20:18.0015 3408 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:20:18.0171 3408 swmidi - ok
21:20:18.0187 3408 SwPrv - ok
21:20:18.0187 3408 symc810 - ok
21:20:18.0203 3408 symc8xx - ok
21:20:18.0234 3408 SYMIDSCO - ok
21:20:18.0250 3408 sym_hi - ok
21:20:18.0250 3408 sym_u3 - ok
21:20:18.0281 3408 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:18.0406 3408 sysaudio - ok
21:20:18.0421 3408 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:20:18.0609 3408 SysmonLog - ok
21:20:18.0656 3408 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:20:18.0843 3408 TapiSrv - ok
21:20:18.0906 3408 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:20:19.0015 3408 Tcpip - ok
21:20:19.0046 3408 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:20:19.0187 3408 TDPIPE - ok
21:20:19.0218 3408 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:20:19.0390 3408 TDTCP - ok
21:20:19.0406 3408 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:20:19.0562 3408 TermDD - ok
21:20:19.0609 3408 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:20:19.0781 3408 TermService - ok
21:20:19.0812 3408 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:20:19.0828 3408 Themes - ok
21:20:19.0859 3408 [ 72AAA3343AF62E02AE37001EEA5C9A0E ] tifmsony C:\WINDOWS\system32\drivers\tifmsony.sys
21:20:19.0953 3408 tifmsony - ok
21:20:19.0953 3408 TosIde - ok
21:20:19.0968 3408 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:20:20.0125 3408 TrkWks - ok
21:20:20.0171 3408 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:20:20.0328 3408 Udfs - ok
21:20:20.0343 3408 ultra - ok
21:20:20.0375 3408 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:20:20.0484 3408 UMWdf - ok
21:20:20.0531 3408 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:20:20.0718 3408 Update - ok
21:20:20.0765 3408 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:20:21.0062 3408 upnphost - ok
21:20:21.0078 3408 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
21:20:21.0515 3408 UPS - ok
21:20:21.0546 3408 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:20:21.0703 3408 usbccgp - ok
21:20:21.0734 3408 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:20:21.0937 3408 usbehci - ok
21:20:21.0984 3408 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:22.0140 3408 usbhub - ok
21:20:22.0156 3408 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:20:22.0296 3408 usbprint - ok
21:20:22.0328 3408 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:20:22.0453 3408 usbscan - ok
21:20:22.0500 3408 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:22.0656 3408 USBSTOR - ok
21:20:22.0671 3408 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:20:22.0843 3408 usbuhci - ok
21:20:22.0906 3408 [ FB1A8F8CBD361FC1F0D144D5018C97F3 ] VAIO Entertainment TV Device Arbitration Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:20:22.0953 3408 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
21:20:22.0953 3408 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
21:20:23.0000 3408 [ 2B0EAC2B6E5F1C5E007DABAE101028B0 ] VAIO Event Service C:\Programme\Sony\VAIO Event Service\VESMgr.exe
21:20:23.0046 3408 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0046 3408 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
21:20:23.0218 3408 [ 8A851EE335A459440B69A44C1CD50BDB ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
21:20:23.0390 3408 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0390 3408 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
21:20:23.0421 3408 [ B74A27540B0B7FE393A882B94B0D2188 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
21:20:23.0453 3408 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0453 3408 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
21:20:23.0546 3408 [ 4914B65DCCF68CB95C2D1303C7264C8C ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
21:20:23.0671 3408 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0671 3408 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
21:20:23.0734 3408 [ C5AFCD27DFE4D1501406B9AD40F85750 ] VAIOMediaPlatform-Mobile-Gateway C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
21:20:23.0765 3408 VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0765 3408 VAIOMediaPlatform-Mobile-Gateway - detected UnsignedFile.Multi.Generic (1)
21:20:23.0781 3408 Vcsw - ok
21:20:23.0812 3408 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:20:23.0968 3408 VgaSave - ok
21:20:23.0968 3408 ViaIde - ok
21:20:24.0015 3408 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:24.0140 3408 VolSnap - ok
21:20:24.0203 3408 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:20:24.0359 3408 VSS - ok
21:20:24.0468 3408 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Programme\Sony\VAIO Update Common\VUAgent.exe
21:20:24.0578 3408 VUAgent - ok
21:20:24.0625 3408 [ 0BD64CCEA7B4BF25CA2FB9BF1444DFD9 ] VzCdbSvc C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:20:24.0703 3408 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
21:20:24.0703 3408 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
21:20:24.0750 3408 [ E81E8C7DC7EBC6CEDE156EAAD5EF9C8E ] VzFw C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
21:20:24.0828 3408 VzFw ( UnsignedFile.Multi.Generic ) - warning
21:20:24.0828 3408 VzFw - detected UnsignedFile.Multi.Generic (1)
21:20:25.0000 3408 [ 7A4A198462FE786EE3CE80721A16F5A9 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:20:25.0296 3408 w29n51 - ok
21:20:25.0328 3408 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
21:20:25.0500 3408 W32Time - ok
21:20:25.0515 3408 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:25.0687 3408 Wanarp - ok
21:20:25.0703 3408 WDICA - ok
21:20:25.0718 3408 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:25.0890 3408 wdmaud - ok
21:20:25.0984 3408 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:20:26.0171 3408 WebClient - ok
21:20:26.0203 3408 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:20:26.0312 3408 winachsf - ok
21:20:26.0390 3408 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:20:26.0562 3408 winmgmt - ok
21:20:26.0609 3408 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:20:26.0734 3408 WmdmPmSN - ok
21:20:26.0750 3408 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:20:26.0921 3408 WmiApSrv - ok
21:20:26.0968 3408 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:20:27.0109 3408 wscsvc - ok
21:20:27.0125 3408 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:20:27.0250 3408 wuauserv - ok
21:20:27.0312 3408 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:20:27.0515 3408 WZCSVC - ok
21:20:27.0531 3408 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:20:27.0687 3408 xmlprov - ok
21:20:27.0703 3408 ================ Scan global ===============================
21:20:27.0734 3408 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:20:27.0781 3408 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:20:27.0828 3408 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:20:27.0843 3408 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:20:27.0843 3408 [Global] - ok
21:20:27.0859 3408 ================ Scan MBR ==================================
21:20:27.0875 3408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:20:28.0156 3408 \Device\Harddisk0\DR0 - ok
21:20:28.0156 3408 ================ Scan VBR ==================================
21:20:28.0156 3408 [ 5E7225383A5DA4F85877D63FD179FBE0 ] \Device\Harddisk0\DR0\Partition1
21:20:28.0156 3408 \Device\Harddisk0\DR0\Partition1 - ok
21:20:28.0187 3408 [ 868C3B66A59ACC2B61CE7AB947AB5172 ] \Device\Harddisk0\DR0\Partition2
21:20:28.0187 3408 \Device\Harddisk0\DR0\Partition2 - ok
21:20:28.0187 3408 ============================================================
21:20:28.0187 3408 Scan finished
21:20:28.0187 3408 ============================================================
21:20:28.0328 0812 Detected object count: 21
21:20:28.0328 0812 Actual detected object count: 21
21:22:26.0578 0812 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0578 0812 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0578 0812 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0578 0812 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0578 0812 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0578 0812 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0578 0812 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0578 0812 Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0593 0812 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0593 0812 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0609 0812 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0609 0812 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0609 0812 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0609 0812 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0609 0812 VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0609 0812 VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0609 0812 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0609 0812 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:26.0609 0812 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:26.0609 0812 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

Was meinst du, hilft es einen anderen Virenschutz etc. zunehmen, um so ein Problem erneut zu vermeiden oder liegt es daran das XP einfach anfälliger ist? Mein Rechner ist schon über 6 Jahre alt und ein anderes Betriebssystem würde vielleicht nicht funktionieren, oder?

Grüße

markusg · 04.12.2012, 14:08

Hi,
Nein, ein anderes BS würde warscheinlich nicht laufen.
um die Absicherung kümmern wir unsnoch.
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Kreuzmaler · 04.12.2012, 21:53

Salut,

alles funktioniert wieder bestens. Hab vielen Dank für deine Hilfe! Der Combofix logfile lautet:
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-12-04.01 - Micha 04.12.2012  21:36:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.656 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Micha\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-04 bis 2012-12-04  ))))))))))))))))))))))))))))))
.
.
2012-11-27 21:14 . 2012-11-27 21:14	--------	d-----w-	c:\dokumente und einstellungen\Micha\Anwendungsdaten\Malwarebytes
2012-11-27 21:14 . 2012-11-27 21:14	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-11-27 21:14 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-27 21:14 . 2012-11-27 21:14	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-11-27 21:03 . 2012-11-27 21:17	--------	d-----w-	c:\programme\DownloadManager
2012-11-27 20:52 . 2012-11-28 17:13	--------	d-----w-	c:\programme\Hijack This
2012-11-26 18:32 . 2012-11-26 19:32	--------	d-----w-	c:\windows\system32\NtmsData
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 16:55 . 2012-10-15 20:14	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-13 16:55 . 2012-10-15 20:14	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:56 . 2006-02-23 03:00	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-10-19 06:55 . 2012-10-19 06:55	129784	------w-	c:\windows\system32\pxafs.dll
2012-10-19 06:55 . 2006-02-24 08:34	116472	------w-	c:\windows\system32\pxcpyi64.exe
2012-10-19 06:55 . 2005-08-22 00:03	43528	------w-	c:\windows\system32\drivers\pxhelp20.sys
2012-10-19 06:55 . 2006-02-24 08:34	118520	------w-	c:\windows\system32\pxinsi64.exe
2012-10-02 18:04 . 2006-02-23 03:00	58368	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2003-11-07 114688]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"PDService.exe"="c:\programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Update 5"="c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe" [2012-01-17 1015912]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"HP CP1020 System Tray"="c:\programme\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2010-05-12 2627384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42	73728	----a-w-	c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06.07.2004 14:07 45627]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 11:03 169312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 VUAgent;VUAgent;c:\programme\Sony\VAIO Update Common\VUAgent.exe [13.01.2012 09:53 939624]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [16.10.2012 19:17 20792]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com/de/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/de/
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-avgnt - c:\programme\Avira\AntiVir Desktop\avgnt.exe
AddRemove-HijackThis - c:\dokume~1\Micha\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-04 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2012-12-04  21:42:16
ComboFix-quarantined-files.txt  2012-12-04 20:42
.
Vor Suchlauf: 8 Verzeichnis(se), 31.395.172.352 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 31.467.847.680 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 461747FA37FE8D40CBCE001D33C70AF2

--- --- ---
Grüße

markusg · 06.12.2012, 16:47

hi
poste Malwarebytes logs mit funden, bitte.
http://www.trojaner-board.de/125889-...en-posten.html

Kreuzmaler · 06.12.2012, 21:35

Hallo,
bei Anti-Malware ist nix gefunden wurden.

markusg · 06.12.2012, 21:40

Hi
Anmerkung, von Morgen, bis Mittwoch im Kurzurlaub
lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Kreuzmaler · 12.12.2012, 17:18

Ist leider nicht ganz so übersichtlich, aber hoffentlich alles einsehbar. Hier die Liste vom ccleaner:
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.12.2012 11.5.502.110 notwendig
Adobe Flash Player ActiveX Adobe Systems Incorporated 10.12.2012 9.0.124.0 unbekannt
Adobe Photoshop Elements 7.0 Adobe Systems Incorporated 19.10.2012 7.0 notwendig
Adobe Reader XI - Deutsch Adobe Systems Incorporated 21.10.2012 128,00MB 11.0.00 notwendig
Avira Free Antivirus Avira 07.12.2012 12.1.9.1236 notwendig
Canon CanoScan Toolbox 4.1 16.10.2012 notwendig
CCleaner Piriform 25.11.2012 3.25
Click to DVD 2.0.03 Menu Data Sony Corporation 15.10.2012 2.0.03 unnötig
Click to DVD 2.5.20 Sony Corporation 15.10.2012 2.5.20 unnötig
dm-Fotowelt CEWE COLOR AG u Co. OHG 10.12.2012 5.0.1 notwendig
DVgate Plus 15.10.2012 unbekannt
EndNote X4 Thomson Reuters 28.10.2012 70,33MB 14.0.0.4845 notwendig
FastStone Image Viewer 4.6 FastStone Soft 16.10.2012 4.6 notwendig
Google AFE unbekannt
Google Earth Google 24.02.2006 notwendig 3.0.0762
Google Talk (remove only) 24.02.2006 unbekannt
Google Toolbar for Internet Explorer 24.02.2006 unbekannt
HDAUDIO SoftV92 Data Fax Modem with SmartCP 23.02.2006
High Definition Audio Driver Package - KB835221 Microsoft Corporation 15.10.2012 20040219.000000 unbekannt
HP LaserJet Professional CP1020 Series Hewlett-Packard 22.10.2012 notwendig
Image Converter 2 Plus Sony Corporation 15.10.2012 2.2.04 notwendig
Intel(R) Graphics Media Accelerator Driver for Mobile 15.10.2012 6.14.10.4363 unbekannt
Intel(R) PRO Network Connections Drivers 12.12.2012 unbekannt
Intel(R) PROSet/Wireless Software Intel Corporation 15.10.2012 unbekannt
InterVideo WinDVD for VAIO InterVideo Inc. 24.02.2006 5.0-B11.739 unbekannt
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 24.02.2006 152,00MB 1.5.0.60 unbekannt
LAN-Express AS IEEE 802.11 Wireless LAN 24.02.2006 unbekannt
Macromedia Flash Player 8 Macromedia 9.0.124.0 notwendig
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 06.12.2012 1.65.1.1000
Memory Stick Formatter 24.02.2006 unbekannt
Microsoft .NET Framework 1.1 20.11.2012
Microsoft .NET Framework 1.1 German Language Pack Microsoft 23.02.2006 3,02MB 1.1.4322 unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 20.11.2012 185,00MB 2.2.30729 unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 16.10.2012 6,30MB 2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 19.10.2012 239,00MB 3.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 16.10.2012 37,52MB 3.2.30729 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.10.2012 unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.10.2012 unbekannt
Microsoft Office Professional Edition 2003 Microsoft Corporation 28.10.2012 297,00MB 11.0.5614.0 unbekannt
Microsoft SQL Server Desktop Engine (VAIO_VEDB) Microsoft Corporation 15.10.2012 79,77MB 8.00.761 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10.12.2012 10,29MB 9.0.30729 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2012 11,13MB 10.0.40219 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.10.2012 1,42MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.10.2012 2,77MB 4.20.9876.0 unbekannt
OpenMG Limited Patch 4.4-06-13-19-01 15.10.2012 unbekannt
OpenMG Secure Module 4.4.00 Sony Corporation 15.10.2012 4.4.00.11241 unbekannt
Opera 12.11 Opera Software ASA 03.12.2012 12.11.1661 notwendig
Picasa 2 Google, Inc. 24.02.2006 2.0 unbekannt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.03.2006 1.92 notwendig
ResearchSoft Direct Export Helper 28.10.2012 unbekannt
Roxio DigitalMedia Audio Roxio 15.10.2012 16,72MB 2.0.4 unbekannt
Roxio DigitalMedia Copy Roxio 15.10.2012 15,32MB 2.0.4 unbekannt
Roxio DigitalMedia Data Roxio 15.10.2012 15,02MB 2.0.4 unbekannt
SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version Utimaco Safeware AG 24.02.2006 6,05MB 1.00.6.7 unbekannt
Setting Utility Series 24.02.2006 unbekannt
Skype 2.0 Skype Software S.A. 15.10.2012 2.0 notwendig
SonicStage 3.4 Sony Corporation 15.10.2012 3.4 unbekannt
Sony MP4 Shared Library Sony Corporation 24.02.2006 2.0 unbekannt
Sony USB Mouse unbekannt
Sony Utilities DLL 24.02.2006 unbekannt
Sony Video Shared Library Sony Corporation 24.02.2006 2.0.01 unbekannt
VAIO Control Center 24.02.2006 unbekannt
VAIO Entertainment Platform Sony Corporation 15.10.2012 1.3.30.11290 unbekannt
VAIO Event Service Sony Corporation 24.02.2006 2.2.00.06130 unbekannt
VAIO Hardware Diagnostics 24.02.2006 unbekannt
VAIO Long Battery Life Wallpaper 24.02.2006 unbekannt
VAIO Media 5.0 Sony Corporation 15.10.2012 5.0.10 unbekannt
VAIO Media AC3 Decoder 1.0 15.10.2012 unbekannt
VAIO Media Integrated Server 5.0 Sony Corporation 15.10.2012 unbekannt
VAIO Media Redistribution 5.0 Sony Corporation 15.10.2012 5.0.10 unbekannt
VAIO Original Screen Saver 12.12.2012 unbekannt
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents 24.02.2006 unbekannt
VAIO Power Management Sony Corporation 24.02.2006 1.7.01.10190 unbekannt
VAIO Product Survey Sony Corporation 24.02.2006 1.1.2.1 unbekannt
VAIO Sea Wallpaper 24.02.2006 unbekannt
VAIO Starfish Wallpaper 24.02.2006 unbekannt
VAIO Update Sony Corporation 21.10.2012 5.6.1.02150 unbekannt
VAIO-Online-Registrierung (Deutsch) Sony Corporation 24.02.2006 4.6.0.0 unbekannt
VideoLAN VLC media player 0.8.6d VideoLAN Team 07.12.2012 0.8.6d notwendig
Windows Internet Explorer 8 Microsoft Corporation 19.10.2012 20090308.140743 unnötig
Windows XP Service Pack 3 Microsoft Corporation 15.10.2012 20080414.031514 notwendig
Wireless LAN Starter 24.02.2006 unbekannt

Danke für deine Hilfe nochmal!

markusg · 13.12.2012, 15:14

passt alles.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Click to DVD : beide
Google : alle
InterVideo
J2SE
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Memory Stick
Picasa
Skype : total veraltet!
Skype6 ist aktuell:
Installieren Sie Skype kostenlos für Anrufe, Videoanrufe und IM
VideoLAN : total veraltet!
VideoLAN - Official page for VLC media player, the Open Source video framework!
Aktuell, Version 2
Windows Internet Explorer 8 : ist nötig, und bleibt, der ie ist wichtiger Systembestandteil.

Öffne ccleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.