Log analysis and evaluation: USB stick infected - PC too? - Windows Vista / Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2014, 17:50 #1
USB stick infected - PC too? - Windows Vista

Hello helpers of the board,

today I wanted to have something printed in a copy shop and plugged in my USB stick. When I opened Explorer, I found only shortcuts of my folders. I immediately ejected the USB stick, which took longer than usual. But since I have scientific data on the USB stick, I had to plug it into my laptop. Now I am afraid that the PC has become infected. What is noticeable on the USB stick is a hidden file that keeps coming back after being deleted. I then formatted my stick, with the result that this file is there again. I did a full scan with Malwarebytes - no findings. I am normally a careful user, only this time it probably got me. I have not noticed any other abnormalities (no pop-ups etc.). I just have concerns about online banking etc. and no longer do it. What is important to me is that I can finish my university thesis. Now I cannot even back it up, because a new USB stick will probably get infected too... I have followed the steps as described and am now posting my logfiles. Many thanks in advance!

Regards
Muri

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by TÜRKIYE 2008 at 2014-02-14 16:56:20
Running from C:\Users\TÜRKIYE 2008\Contacts\Desktop\Board Software
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 4.59 alpha 4 (Version: - )
A.V.A (Version: 30.22.010007 - REDDUCK)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AppMon Utility (Version: 2.3.00.09200 - Sony Corporation)
ArcSoft Magic-i Visual Effects (Version: - ArcSoft)
Audacity 1.2.6 (Version: - )
Audiograbber 1.83 SE (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (Version: 1.0 - AG)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter (Version: 2.3 - Sony Corporation)
Brother MFL-Pro Suite (Version: 1.00 - Brother Industries, Ltd.)
Browser Address Error Redirector (Version: - )
CDBurnerXP (Version: 4.4.0.3018 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Click to Disc (Version: 1.1.00.14140 - Sony Corporation)
Click to Disc (Version: 1.1.00.14140 - Sony Corporation) Hidden
Click to Disc Editor (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (Version: 1.2.00 - Sony Corporation) Hidden
Click to Disc Editor 1.2 Upgrade (Version: 1.0.00 - Ihr Firmenname) Hidden
Commandos 3 - Destination Berlin (Version: - )
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (Version: 10.5.0.0 - Business Objects)
Dassault Systemes Software B19 (Version: - )
Dassault Systemes Software Prerequisites x86 (Version: 8.1.3 - Dassault Systemes)
Dev-C++ 5 beta 9 release (4.9.9.2) (Version: - )
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version: - DivX, Inc.)
DivX-Setup (Version: 2.6.1.87 - DivX, LLC)
DreamBoxEdit -- The one and only settings editor for your Dreambox (Version: - )
Dropbox (HKCU Version: 2.2.3 - Dropbox, Inc.)
DSD Direct (Version: 2.0.01 - Sony Corporation)
DSD Direct Player (Version: 1.0 - Sony Corporation)
DSD Playback Plug-in (Version: 1.1 - Sony Corporation)
ElsterFormular-Upgrade (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
EPSON Scan (Version: - )
FIFA 13 (Version: 1.5.0.0 - Electronic Arts)
Free YouTube to MP3 Converter version 3.12.17.1127 (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
GAP2 Studentenversion (Version: 1.0.0 - FZG)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (Version: - )
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (Version: 1 - Microsoft Corporation)
ICQ7.6 (Version: 7.6 - ICQ)
IDT Audio (Version: 5.10.5303.0 - IDT)
Intel(R) Matrix Storage Manager (Version: - )
JabRef 2.9.2 (Version: 2.9.2 - JabRef Team)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 2 (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (Version: 6.0.240 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 6 (Version: 1.6.0.60 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MATLAB R2012b (Version: 8.0 - The MathWorks, Inc.)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Device Emulator Version 3.0 - DEU (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Document Explorer 2008 Language Pack - DEU (Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Visio Viewer 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 Design Tools DEU (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - DEU (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0822 - Microsoft Corporation)
MiKTeX 2.9 (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
Mp3tag v2.41 (Version: v2.41 - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
My Club VAIO (Version: 2.1 - )
Nokia Connectivity Cable Driver (Version: 7.1.36.0 - Nokia)
Nokia Ovi Suite (Version: 3.0.0.284 - Nokia)
Nokia Ovi Suite (Version: 3.0.0.284 - Nokia) Hidden
Nokia Ovi Suite Software Updater (Version: 02.06.006.44298 - Nokia Corporation)
NVIDIA Drivers (Version: - )
OpenMG Limited Patch 4.7-07-15-19-01 (Version: - )
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
Ovi Desktop Sync Engine (Version: 1.5.146.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
PaperPort Image Printer (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (Version: 10.50.2.0 - Nokia)
PDFCreator (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
Pro Evolution Soccer 2009 (Version: 1.10.0000 - KONAMI)
Pro Evolution Soccer 2010 (Version: 1.03.0000 - KONAMI)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
REACTOR (Version: 1.00.0000 - ijji)
Realtek High Definition Audio Driver (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Recuva (Version: 1.44 - Piriform)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Easy Media Creator Home (Version: 9.1.095 - Roxio)
ScanSoft PaperPort 11 (Version: 11.1.0000 - Nuance Communications, Inc.)
SecureW2 Enterprise Client 3.5.11 (Version: - )
Setting Utility Series (Version: 3.1.00.09240 - Sony Corporation)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SonicStage Mastering Studio (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio (Version: 2.3.01 - Sony Corporation) Hidden
SonicStage Mastering Studio Audio Filter (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio Plugins (Version: 2.4 - Sony Corporation)
Sony Video Shared Library (Version: 3.3.00 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 9.1.13.0 - Synaptics)
TeXstudio 2.3 (Version: 2.3.0 - Benito van der Zander)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
TuneUp Utilities 2008 (Version: 7.0.8007 - TuneUp Software)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (Version: - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (Version: 1 - Microsoft Corporation)
VAIO Camera Capture Utility (Version: 2.7.03.09250 - Sony Corporation)
VAIO Content Folder Setting (Version: 1.1.02.11070 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.1.00.09284 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (Version: 2.1.00.09281 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 2.1.00.09281 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (Version: 3.1.00.03103 - Sony Corporation) Hidden
VAIO Control Center (Version: 2.1.00.09190 - Sony Corporation)
VAIO Data Restore Tool (Version: 1.0.03.10030 - Sony Corporation)
VAIO Database Converter 1.0 (Version: 1.0.00 - Sony Corporation)
VAIO Database Converter Ver 1.0 (Version: 1.0.00.00000 - Sony Corporation) Hidden
VAIO DVD Menu Data Basic (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.1.00.14150 - Sony Corporation)
VAIO Event Service (Version: 3.3.00.11020 - Sony Corporation)
VAIO Launcher (Version: 1.1.00.11210 - Sony Corporation)
Vaio Marketing Tools (Version: - Sony)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (Version: - )
VAIO Media Content Collection 6.0 (Version: - Sony Corporation)
VAIO Media Integrated Server 6.1 (Version: - Sony Corporation)
VAIO Media Redistribution 6.0 (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (Version: 1.1.00.10160 - Sony Corporation) Hidden
VAIO Movie Story Template Data (Version: 1.1.00.09281 - Sony Corporation)
VAIO MusicBox (Version: 1.1.02.12100 - Sony Corporation)
VAIO MusicBox Sample Music (Version: 1.0.01.09210 - Sony Corporation)
VAIO Original Function Setting (Version: 1.4.00.03240 - Sony Corporation)
VAIO Power Management (Version: 2.3.01.10310 - Sony Corporation)
VAIO Update (Version: 6.3.0.08010 - Sony Corporation)
VAIO Wallpaper Contents (Version: 1.0.00.09200 - Sony Corporation)
VBA (3821b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual DJ Home - Atomix Productions (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (Version: - Microsoft Corporation)
VLC media player 1.0.3 (Version: 1.0.3 - VideoLAN Team)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software 6.1.0.2000 (Version: 6.1.0.2000 - Broadcom Corporation)
Winamp (Version: 5.621 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinDVD BD for VAIO (Version: 8.0-B9.429 - InterVideo Inc.)
WinDVD BD for VAIO (Version: 8.0-B9.429 - InterVideo Inc.) Hidden
Wireless Switch Setting Utility (Version: 3.6.00.18210 - Sony Corporation)

==================== Restore Points =========================

22-01-2014 15:07:57 Windows Update
23-01-2014 13:14:04 Geplanter Prüfpunkt
26-01-2014 09:30:22 Geplanter Prüfpunkt
27-01-2014 10:05:35 Geplanter Prüfpunkt
28-01-2014 08:21:47 Windows Update
30-01-2014 13:02:06 Geplanter Prüfpunkt
31-01-2014 09:04:09 Windows Update
01-02-2014 16:31:30 Geplanter Prüfpunkt
02-02-2014 10:31:58 Geplanter Prüfpunkt
04-02-2014 09:21:39 Geplanter Prüfpunkt
04-02-2014 11:57:56 Windows Update
07-02-2014 10:45:48 Installed Java 7 Update 51
09-02-2014 10:03:14 Geplanter Prüfpunkt
10-02-2014 08:41:40 Geplanter Prüfpunkt
11-02-2014 10:27:21 Windows Update
12-02-2014 21:34:50 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11FED4F9-B900-4850-A7B6-FC923795793C} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-01] (Sony Corporation)
Task: {1488AB4F-8C4B-427E-8EFA-09EF69ABB092} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {19312E64-99E0-4633-9359-F6641C9B062E} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6D2FD202-599D-4C68-8EC6-D7E3FB9062ED} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win32\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {8BF57061-387E-452F-AACD-FD01E7625CC5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {96D74B09-4990-4DDF-972E-2745C4E4636B} - System32\Tasks\{4D551BE4-F862-4CFE-9E76-81E2C18B071C} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {AA665ECE-B3EA-4C5E-BC30-4AD07EEE2570} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - TÜRKIYE 2008 => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {CD10EDFF-EE8B-4D57-B4FC-22362BBB1C29} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EE5CAC31-291C-42A7-B733-50A88A170888} - System32\Tasks\SecureW2 Task => C:\Program Files\SecureW2\sw2_tray.exe [2013-09-23] (SecureW2 B.V.)
Task: {FF376017-08DB-439F-88A8-305A9C01BB9D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {FFE006E4-5C21-4749-8C51-660FD2E6B2A7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win32\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2014-02-14 16:49 - 2014-02-14 16:49 - 00118784 _____ () C:\Users\TÜRKIYE 2008\AppData\Local\Temp\~WS79E.tmp
2014-02-14 16:49 - 2014-02-14 16:49 - 00053248 _____ () C:\Users\TÜRKIYE 2008\AppData\Local\Temp\~WS2221.tmp
2014-02-14 16:49 - 2014-02-14 16:49 - 00045056 _____ () C:\Users\TÜRKIYE 2008\AppData\Local\Temp\~WS2E52.tmp

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:7311BB85

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: gusvc => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 04:49:01 PM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/14/2014 00:49:17 PM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/13/2014 01:05:51 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, fehlerhaftes Modul FlashPlayerPlugin_12_0_0_44.exe, Version 12.0.0.44, Zeitstempel 0x52e70cce, Ausnahmecode 0x40000015, Fehleroffset 0x00017b60, Prozess-ID 0x10ac, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_44.exe0.

Error: (02/13/2014 08:59:25 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/10/2014 09:34:11 PM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/10/2014 08:54:22 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/07/2014 09:28:09 PM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/07/2014 11:39:39 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (02/07/2014 11:31:34 AM) (Source: MsiInstaller) (User: SONYVAIOAR)
Description: Produkt: Java 7 Update 51 -- Fehler 25025. Eine vorherige Deinstallation von Java wurde nicht abgeschlossen. Starten Sie den Computer vor der Installation von Java neu.

Error: (02/04/2014 09:17:47 AM) (Source: VzCdbSvc) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)


System errors:
=============
Error: (02/14/2014 04:49:01 PM) (Source: Service Control Manager) (User: )
Description: 30000vpnagent

Error: (02/14/2014 04:49:01 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/14/2014 03:39:38 PM) (Source: Dhcp) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001F3B8250F5 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error: (02/14/2014 00:52:24 PM) (Source: Service Control Manager) (User: )
Description: VUAgent%%1053

Error: (02/14/2014 00:52:24 PM) (Source: Service Control Manager) (User: )
Description: 30000VUAgent

Error: (02/14/2014 00:52:23 PM) (Source: DCOM) (User: )
Description: 1053VUAgent{4EE3B587-5512-4A71-BB81-ADFC0559687B}

Error: (02/14/2014 00:51:53 PM) (Source: Service Control Manager) (User: )
Description: Windows-Dienst für Schriftartencache%%1053

Error: (02/14/2014 00:51:51 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows-Dienst für Schriftartencache

Error: (02/14/2014 00:49:23 PM) (Source: Service Control Manager) (User: )
Description: 30000vpnagent

Error: (02/14/2014 00:49:23 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (02/14/2014 04:49:01 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/14/2014 00:49:17 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/13/2014 01:05:51 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_44.exe12.0.0.4452e70cceFlashPlayerPlugin_12_0_0_44.exe12.0.0.4452e70cce4000001500017b6010ac01cf28b33dbbc69e

Error: (02/13/2014 08:59:25 AM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/10/2014 09:34:11 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/10/2014 08:54:22 AM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/07/2014 09:28:09 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/07/2014 11:39:39 AM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (02/07/2014 11:31:34 AM) (Source: MsiInstaller)(User: SONYVAIOAR)
Description: Produkt: Java 7 Update 51 -- Fehler 25025. Eine vorherige Deinstallation von Java wurde nicht abgeschlossen. Starten Sie den Computer vor der Installation von Java neu.(NULL)(NULL)(NULL)(NULL)

Error: (02/04/2014 09:17:47 AM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019


CodeIntegrity Errors:
===================================
Date: 2014-02-02 09:24:26.797
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:24:26.516
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:24:26.266
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:24:25.985
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:24:25.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:24:25.502
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:16:11.094
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:16:10.844
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:16:10.595
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-02-02 09:16:10.252
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3069.51 MB
Available physical RAM: 1806.88 MB
Total Pagefile: 6340.02 MB
Available Pagefile: 4904.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:269.01 GB) (Free:34.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: A4FDBA1D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=269 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:44 on 14/02/2014 (TÜRKIYE 2008)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by TÜRKIYE 2008 (administrator) on SONYVAIOAR on 14-02-2014 16:55:46
Running from C:\Users\TÜRKIYE 2008\Contacts\Desktop\Board Software
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Users\TÜRKIYE 2008\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sony Corporation) C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
(Sony NSCE) C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SecureW2 B.V.) C:\Program Files\SecureW2\sw2_tray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IDT, Inc.) C:\Windows\system32\stacsv.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-08-25] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [AppMon Utility] - C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe [542560 2007-09-20] (Sony Corporation)
HKLM\...\Run: [MarketingTools] - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [36864 2007-11-21] (Sony NSCE)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296 2007-09-19] (Sony Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [92704 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SecureW2 Tray] - C:\Program Files\SecureW2\sw2_tray.exe [199512 2013-09-23] (SecureW2 B.V.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Run: [] - [X]
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Run: [gzrwrzedkb] - C:\Users\TÜRKIYE 2008\AppData\Local\Temp\gzrwrzedkb..vbs [101659 2013-08-06] () <===== ATTENTION
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: G - G:\Autorun\Autorun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: H - H:\Autorun\Autorun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {0acbd2d6-5123-11de-8814-001a80f66d21} - H:\eyt.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {0dd1b3a6-61a0-11df-b5ab-001a80f66d21} - H:\AutoRun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {34170647-7463-11df-bc14-001a80f66d21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {3fe3aa3c-c94d-11dd-8153-001f3b8250f5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\resycled\boot.com j:
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {489d33f6-6327-11df-ad6d-001a80f66d21} - H:\AutoRun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {ad4802af-5230-11dd-a1a2-001f3b8250f5} - G:\Installer.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {bc80d0cb-fe7b-11de-abc8-001a80f66d21} - H:\AutoRun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {bc80d0d5-fe7b-11de-abc8-001a80f66d21} - H:\AutoRun.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {d2cd48cc-ad2c-11de-a8dc-001a80f66d21} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {d2cd48e1-ad2c-11de-a8dc-001a80f66d21} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {d2cd4906-ad2c-11de-a8dc-001a80f66d21} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {d2cd4911-ad2c-11de-a8dc-001a80f66d21} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\MountPoints2: {e530dc26-b94a-11de-b410-001a80f66d21} - I:\LaunchU3.exe -a
Startup: C:\Users\TÜRKIYE 2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
ShortcutTarget: Audio Filter.lnk -> C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
Startup: C:\Users\TÜRKIYE 2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gzrwrzedkb..vbs ()
Startup: C:\Users\TÜRKIYE 2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM - DefaultScope {1AEE305D-D608-4FA2-8B4D-1EA9505061E3} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM - {1AEE305D-D608-4FA2-8B4D-1EA9505061E3} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Flagfox - {A02B5E09-122E-4A2D-B996-D997485B8C9E} - C:\Users\TÜRKIYE 2008\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://www.radyotvonline.com/play/ampx_en_dl.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

FireFox:
========
FF ProfilePath: C:\Users\TÜRKIYE 2008\AppData\Roaming\Mozilla\Firefox\Profiles\apq0vmxq.default
FF user.js: detected! => C:\Users\TÜRKIYE 2008\AppData\Roaming\Mozilla\Firefox\Profiles\apq0vmxq.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\TÜRKIYE 2008\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll (NHN USA Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\TÜRKIYE 2008\AppData\Roaming\Mozilla\Firefox\Profiles\apq0vmxq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\TÜRKIYE 2008\AppData\Roaming\Mozilla\Firefox\Profiles\apq0vmxq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ []
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 FlagfoxUpdater; C:\Users\TÜRKIYE 2008\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe [18432 2012-02-28] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-08] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4012424 2010-11-23] (INCA Internet Co., Ltd.)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2009-04-09] (TuneUp Software GmbH)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [125440 2007-10-31] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-28] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1020976 2013-08-01] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [40304 2013-10-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58736 2013-10-10] (Cisco Systems, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2007-10-29] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-07-15] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-06] (Avira GmbH)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTL8187B; system32\DRIVERS\wg111v3.sys [X]
U2 srservice; 
U5 UnlockerDriver5; C:\Users\TÜRKIYE 2008\Downloads\unlocker1.8.8-portable\UnlockerDriver5.sys [4096 2009-10-25] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 16:54 - 2014-02-14 16:55 - 00000000 ____D () C:\FRST
2014-02-14 16:44 - 2014-02-14 16:44 - 00000020 _____ () C:\Users\TÜRKIYE 2008\defogger_reenable
2014-02-14 14:21 - 2014-02-14 14:22 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-12 22:36 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:36 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:36 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:36 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:36 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:36 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:36 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:36 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:36 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:36 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:36 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:36 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:36 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:36 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:36 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:36 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 22:28 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-07 12:02 - 2014-02-07 12:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 11:53 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-07 11:53 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-07 11:53 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-07 11:53 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-07 11:52 - 2014-02-07 11:53 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-07 11:31 - 2014-02-07 11:32 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-01 20:45 - 2014-02-01 20:45 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Roaming\Malwarebytes
2014-02-01 20:44 - 2014-02-01 20:44 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-01 20:44 - 2014-02-01 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-01 20:44 - 2014-02-01 20:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-01 20:44 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-24 17:10 - 2014-01-24 17:10 - 00000931 _____ () C:\Users\TÜRKIYE 2008\Downloads\telekom-root-2-cer.crt

==================== One Month Modified Files and Folders =======

2014-02-14 16:55 - 2014-02-14 16:54 - 00000000 ____D () C:\FRST
2014-02-14 16:48 - 2008-07-03 20:29 - 00255572 _____ () C:\Users\TÜRKIYE 2008\AppData\Roaming\nvModes.001
2014-02-14 16:47 - 2012-10-17 23:08 - 00000560 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-02-14 16:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 16:46 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:46 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:45 - 2008-07-03 19:12 - 02030899 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 16:45 - 2007-11-21 11:05 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-14 16:45 - 2006-11-02 14:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-14 16:44 - 2014-02-14 16:44 - 00000020 _____ () C:\Users\TÜRKIYE 2008\defogger_reenable
2014-02-14 16:44 - 2008-07-03 20:29 - 00000000 ____D () C:\Users\TÜRKIYE 2008
2014-02-14 16:29 - 2012-07-05 19:55 - 00000000 ____D () C:\Users\TÜRKIYE 2008\Downloads\Neuer Ordner
2014-02-14 15:58 - 2006-11-02 11:33 - 01714978 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 15:06 - 2013-12-10 17:44 - 00000000 ____D () C:\Users\TÜRKIYE 2008\Downloads\print
2014-02-14 14:45 - 2013-12-30 21:42 - 00000000 ____D () C:\Users\TÜRKIYE 2008\Documents\Neuer Ordner
2014-02-14 14:22 - 2014-02-14 14:21 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-14 13:40 - 2012-10-17 23:51 - 00000000 ____D () C:\Users\TÜRKIYE 2008\Documents\MATLAB
2014-02-13 13:05 - 2010-05-16 14:18 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Local\CrashDumps
2014-02-13 09:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 22:54 - 2013-07-29 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-12 12:33 - 2008-07-03 20:29 - 00255572 _____ () C:\Users\TÜRKIYE 2008\AppData\Roaming\nvModes.dat
2014-02-10 09:18 - 2009-12-20 01:13 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Roaming\vlc
2014-02-09 20:20 - 2010-03-07 16:33 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Roaming\dvdcss
2014-02-07 21:25 - 2012-05-05 09:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-07 12:05 - 2007-11-21 14:34 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-07 12:02 - 2014-02-07 12:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 11:59 - 2008-07-03 20:29 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Local\Adobe
2014-02-07 11:54 - 2013-10-20 19:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-07 11:53 - 2014-02-07 11:52 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-07 11:53 - 2007-11-21 14:41 - 00000000 ____D () C:\Program Files\Java
2014-02-07 11:35 - 2013-07-01 10:24 - 00083802 _____ () C:\Windows\PFRO.log
2014-02-07 11:32 - 2014-02-07 11:31 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-07 11:31 - 2009-12-05 23:06 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-05 09:58 - 2014-02-12 22:36 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-12 22:36 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-12 22:36 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-12 22:36 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-12 22:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-12 22:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 22:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-12 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-12 22:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-12 22:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-12 22:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 22:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 22:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 22:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 22:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 10:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-01 20:45 - 2014-02-01 20:45 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Roaming\Malwarebytes
2014-02-01 20:44 - 2014-02-01 20:44 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-01 20:44 - 2014-02-01 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-01 20:44 - 2014-02-01 20:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-28 16:15 - 2010-04-14 15:26 - 00000000 ____D () C:\Users\TÜRKIYE 2008\Downloads\bachelor noten v2.2
2014-01-24 17:10 - 2014-01-24 17:10 - 00000931 _____ () C:\Users\TÜRKIYE 2008\Downloads\telekom-root-2-cer.crt
2014-01-24 17:10 - 2013-08-10 12:07 - 00003426 _____ () C:\Windows\setupact.log
2014-01-16 09:04 - 2013-06-23 12:23 - 00000000 ____D () C:\Users\TÜRKIYE 2008\AppData\Roaming\Dropbox

Files to move or delete:
====================
C:\Users\TÜRKIYE 2008\AppData\Local\Temp\gzrwrzedkb..vbs
C:\Users\TÜRKIYE 2008\AppData\Roaming\desktop.ini

Some content of TEMP:
====================
C:\Users\TÜRKIYE 2008\AppData\Local\Temp\avgnt.exe
C:\Users\TÜRKIYE 2008\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-14 16:58

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-14 17:31:55 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0041 279,46GB Running: 0yc88usj.exe; Driver: C:\Users\TRKIYE~1\AppData\Local\Temp\pwldruob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F208340, 0x39C277, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskeng.exe[1176] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\system32\taskeng.exe[1176] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\system32\Dwm.exe[1440] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\system32\Dwm.exe[1440] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\Explorer.EXE[2028] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\Explorer.EXE[2028] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[2332] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[2332] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Windows Defender\MSASCui.exe[2352] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Windows Defender\MSASCui.exe[2352] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\RtHDVCpl.exe[2368] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text 
C:\Windows\RtHDVCpl.exe[2368] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2416] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2416] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2680] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2680] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe[2700] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe[2700] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[2728] KERNEL32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\Marketing Tools\MarketingTools.exe[2728] KERNEL32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2740] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[2740] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2752] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2752] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text 
C:\Windows\System32\rundll32.exe[2784] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\System32\rundll32.exe[2784] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2800] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2800] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\SecureW2\sw2_tray.exe[2840] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\SecureW2\sw2_tray.exe[2840] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\ehome\ehtray.exe[2876] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\ehome\ehtray.exe[2876] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2896] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2896] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\System32\wscript.exe[2952] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\System32\wscript.exe[2952] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe[2968] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe[2968] 
kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\ehome\ehmsas.exe[3216] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\ehome\ehmsas.exe[3216] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\System32\rundll32.exe[4048] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\System32\rundll32.exe[4048] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\system32\conime.exe[5036] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\system32\conime.exe[5036] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\Explorer.exe[5280] kernel32.dll!CreateProcessW 77061BF3 5 Bytes JMP 66002F20 C:\Windows\system32\SonyAIwd.dll .text C:\Windows\Explorer.exe[5280] kernel32.dll!CreateProcessA 77061C28 5 Bytes JMP 66002DD0 C:\Windows\system32\SonyAIwd.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb5739df Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb5739f9 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8ad670 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da24b66 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da24b66@002109da5b88 0xA8 0x6C 0x0C 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da24b66@001fc655a1ed 0x7E 0x45 0x2E 0x67 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da24b66@a87e3312d005 0xD9 0xDB 0xDB 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da24b66@e4b021dd778b 0x06 0x5D 0x03 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0x21 0x2F 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0x2D 0x44 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x82 0x05 0x4F ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb5739df (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb5739f9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8ad670 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da24b66 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da24b66@002109da5b88 0xA8 0x6C 0x0C 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da24b66@001fc655a1ed 0x7E 0x45 0x2E 0x67 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da24b66@a87e3312d005 0xD9 0xDB 0xDB 0xF2 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da24b66@e4b021dd778b 0x06 0x5D 0x03 0x61 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0x21 0x2F 0x60 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCD 0x2D 0x44 0x01 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x82 0x05 0x4F ... ---- EOF - GMER 2.1 ---- |
14.02.2014, 18:20 | #2 |
/// TB-Ausbilder | USB stick infected - PC too? - Windows Vista Hello,
yes, your computer has been infected by this worm. That is why, on every USB stick you plug in, the existing files and folders are hidden and replaced by a shortcut, and this hidden file is created. We will clean the computer now; afterwards you can format your stick again. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKU\S-1-5-21-2524389678-3439808397-722042905-1000\...\Run: [gzrwrzedkb] - C:\Users\TÜRKIYE 2008\AppData\Local\Temp\gzrwrzedkb..vbs [101659 2013-08-06] () <===== ATTENTION
C:\Users\TÜRKIYE 2008\AppData\Local\Temp\gzrwrzedkb..vbs
C:\Users\TÜRKIYE 2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gzrwrzedkb..vbs
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 2 Restart the computer. Then start FRST once more.
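Added example (not part of the thread, and not one of the tools whose logs are posted above): the pattern Leo describes, a same-named shortcut standing in for each hidden folder and pointing at a script host that runs the dropped VBScript, can be confirmed from the .lnk files themselves without double-clicking anything on the stick. The Python below decodes the parts of the MS-SHLLINK format that matter for this (header flags, the LinkInfo local base path, the StringData arguments), flags shortcuts that aim a script host at a .vbs/.js-style file, and pairs each hit with a same-named sibling in the drive root, reporting whether that sibling carries the Hidden/System attribute. The sample shortcut it builds is constructed for the demo; the script name is borrowed from the FRST log purely as a placeholder, since the thread does not show what the shortcuts on the real stick contained, and the attribute check is only live on Windows.

```python
"""Triage of "shortcut worm" .lnk files on a USB stick (added example, see lead-in)."""
import os
import struct
import tempfile

# LinkFlags bits (MS-SHLLINK 2.1.1) and the StringData fields they gate, in file order.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-0000-0000-C000-000000000046}
HIDDEN_OR_SYSTEM = 0x02 | 0x04                 # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

def parse_lnk(data):
    """Target path and StringData of a shell link; other structures are skipped by size."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:                      # IDListSize (u16) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:                    # LinkInfoSize, HeaderSize, Flags, VolumeIDOffset, LocalBasePathOffset
        size, _hdr, info_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x01:                    # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            start = pos + base_off
            target = data[start:data.index(b"\x00", start)].decode("latin-1")
        pos += size
    info = {"target": target}
    width = 2 if flags & IS_UNICODE else 1
    for flag, key in STRING_FIELDS:              # CountCharacters (u16) + chars, no terminator
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            info[key] = data[pos:pos + count * width].decode("utf-16-le" if width == 2 else "latin-1")
            pos += count * width
    return info

def looks_like_shortcut_worm(info):
    """The worm's signature: a script host launched on a script file."""
    cmd = " ".join(p for p in (info.get("target"), info.get("relative_path"), info.get("arguments")) if p).lower()
    return any(h in cmd for h in SCRIPT_HOSTS) and any(e in cmd for e in SCRIPT_EXTS)

def _is_hidden(path):
    """Hidden/System attribute set; st_file_attributes exists only on Windows, so False elsewhere."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN_OR_SYSTEM)

def scan_drive(root):
    """Worm-looking .lnk files in the stick's root, each paired with its same-named twin."""
    findings = []
    for name in sorted(os.listdir(root)):
        if not name.lower().endswith(".lnk"):
            continue
        path = os.path.join(root, name)
        with open(path, "rb") as fh:
            try:
                info = parse_lnk(fh.read())
            except ValueError:                   # junk or truncated file: skip, do not crash
                continue
        if looks_like_shortcut_worm(info):
            twin = os.path.join(root, name[:-4])
            exists = os.path.exists(twin)
            findings.append({"lnk": path, "info": info, "twin_exists": exists,
                             "twin_hidden": exists and _is_hidden(twin)})
    return findings

def build_sample_lnk(script="gzrwrzedkb..vbs", decoy="Dokumente"):
    """Constructed worm-style shortcut (placeholder names): cmd.exe runs the VBS silently
    via wscript //B, then opens the real hidden folder so the user notices nothing."""
    args = f'/c start wscript.exe //B "{script}" & start explorer "{decoy}" & exit'
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", HAS_LINK_INFO | 0x20 | IS_UNICODE)
    header += b"\x00" * (0x4C - len(header))
    volume_id = struct.pack("<4I", 0x11, 3, 0, 0x10) + b"\x00"   # size, DRIVE_FIXED, serial, label offset, ""
    base_path = b"C:\\Windows\\System32\\cmd.exe\x00"
    body = volume_id + base_path + b"\x00"                       # trailing empty CommonPathSuffix
    hdr = 0x1C                                                   # LinkInfoHeaderSize without Unicode offsets
    link_info = struct.pack("<7I", hdr + len(body), hdr, 0x01, hdr, hdr + len(volume_id),
                            0, hdr + len(volume_id) + len(base_path)) + body
    return header + link_info + struct.pack("<H", len(args)) + args.encode("utf-16-le")

def demo_scan():
    """Build a throw-away 'stick' (one decoy folder + its shortcut, one junk .lnk) and scan it."""
    root = tempfile.mkdtemp(prefix="stick_")
    os.mkdir(os.path.join(root, "Dokumente"))
    with open(os.path.join(root, "Dokumente.lnk"), "wb") as fh:
        fh.write(build_sample_lnk())
    with open(os.path.join(root, "Readme.lnk"), "wb") as fh:
        fh.write(b"not a shell link")
    return scan_drive(root)

if __name__ == "__main__":
    import sys
    print(*(scan_drive(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()), sep="\n")
```

Run it with the mounted stick's root as argument (for example `E:\`) or with no argument to scan the constructed demo directory. A shortcut is reported only when both a script host and a script extension appear in its target, relative path or arguments, so an ordinary shortcut to cmd.exe is not flagged; a hit whose twin exists but is not marked hidden still deserves a look, because the folder may simply have been unhidden already.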
14.02.2014, 18:31 | #3 |
| USB stick infected - PC too? - Windows Vista Hi...
Thanks for the quick reply. But my PC is acting up now =((( I can't open any window.. no desktop icons are shown! The only thing I want now is not to lose my thesis. Edit: Nothing works at all any more. Not in Safe Mode either. How do I proceed? Many thanks! Regards PS. Writing from my phone... Last edited by geldes (14.02.2014, 18:46)
14.02.2014, 19:28 | #4 |
/// TB-Ausbilder | USB stick infected - PC too? - Windows Vista Quote:
cheers, Leo
14.02.2014, 20:44 | #5 |
| USB stick infected - PC too? - Windows Vista So... I restarted my computer because I couldn't open anything any more. No folders and no programs. Simply nothing happens... and all the files on the Desktop are gone.
14.02.2014, 23:21 | #6 |
/// TB-Ausbilder | USB stick infected - PC too? - Windows Vista Did you run the fix from Step 1, or did this already happen before that? In this state, can you open Task Manager (press CTRL + ALT + DEL)?
15.02.2014, 01:50 | #7 |
| USB stick infected - PC too? - Windows Vista Hi, no, I couldn't run the fix. I received the reply later. Yes, Task Manager can be opened... Do you know exactly what this worm does? Regards Muri
15.02.2014, 12:52 | #8 |
/// TB-Ausbilder | USB stick infected - PC too? - Windows Vista So you can start Task Manager; then choose File -> New Task (Run...), type explorer.exe there and confirm. Does anything happen then? (What exactly the worm does, apart from spreading itself, I can't say yet. I would have to examine the file for that.)
cheers, Leo
15.02.2014, 19:37 | #9 |
| USB stick infected - PC too? - Windows Vista Hi Leo, unfortunately I have to travel and won't be taking my laptop with me. Can I get back to you? Nothing will be done to the laptop while I'm away. It stays as it is... so we can continue afterwards. Many thanks! Regards Muri
16.02.2014, 20:28 | #10 |
/// TB-Ausbilder | USB stick infected - PC too? - Windows Vista Hi, sure, just post here again when you are ready to continue.
cheers, Leo