| |
| |||||||
Log-Analyse und Auswertung: Trojaner in System32Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.04.2010, 14:03
| #1 |
| |  Trojaner in System32 Hallo, durch avast wurden bei mir über 200 infizierte Dateien entdeckt (da ich leider aufgrund von Problemen mit der Installation von avast einige Wochen keinen Anti-Viren-Programm hatte). Über die Suche bei google und auch hier im Forum bin ich leider nicht viel weiter gekommen, daher wäre es wirklich sehr nett, wenn mir jemand aus diesem Forum bei meinem Problem helfen könnte! Es haben sich noch keine konkreten, durch den Virus versursachten Beinträchtigungen auf meinem Laptop gezeigt, jedoch wurde ich gestern von meinem Internetanbieter darauf hingewiesen, dass dorthin vorgestern ein Virus über meine IP-Adresse verschickt wurde. Ich habe den CCleaner verwendet und anschließend mit Malwarebytes' Anti-Malware Folgendes ausgeben lassen: Code:
ATTFilter Laufzeit: 2 Stunde(n), 4 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 2
Infizierte Dateien: 213
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\Program Files\System32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Windows\System32\01840.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\01988.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\01A91.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0203C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\02589.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\02E40.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\042F8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\04633.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06566.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\066AE.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\067F5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06862.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06882.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\068B0.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0699A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06A36.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06AB3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06B30.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06B4F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06C58.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06CA6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06CB6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06D14.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06D90.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06E1D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06E1E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06EA9.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06EF7.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06F26.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08046.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0895A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08DDD.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09710.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09F4B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AA54.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A053.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A10F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A12E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A17C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A247.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A248.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A266.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A267.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A2D3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A3EC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A449.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A469.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A46A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A4C6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A4D6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A562.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A591.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A65C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A6C9.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0A8CC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AA33.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AA52.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AA53.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08E1B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08E4A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08EB7.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08ED6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08F43.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08F63.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08F91.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08FA1.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08FA2.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08FA3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08FA4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08FEF.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0900E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0904D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0907B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\090F8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09156.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09157.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\091A4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0924F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\092EB.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\092FB.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09359.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09368.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09397.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\093D5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0950D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0956B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\095B9.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\096B3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AA90.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AC16.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AC74.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AE57.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AED4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AF8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0AFCE.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B0A8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B1E0.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B412.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B53A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B588.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B653.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B875.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0B9FB.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0BB62.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0C4C4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0C6A8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0D883.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0DF27.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0E35B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0FB8D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08047.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08111.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0816E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0819D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\081BC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\081CC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0821A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\082C5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\082F4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08352.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\083BF.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0840D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0848A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\084C8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08535.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08593.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0862F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\086DB.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\087D4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08832.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\088AF.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09720.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0976E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\097AC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\097DB.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\097FA.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09877.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\098C5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\098D5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\098E4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09A2C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09A4B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09B06.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09BD1.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09BE1.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09BF4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09C1F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09C9C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09DE3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09E22.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09E31.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09E70.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09F0C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\09F4A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06F45.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06F46.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\06FC2.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07196.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07197.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0729F.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\074D1.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0755D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07628.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07686.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07695.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\076E3.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0782B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07963.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07A3D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07A4D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07A7C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07B18.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07B95.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07BA4.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07BF2.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07C50.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07CDC.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07DD6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07E05.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07EFE.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\07FC9.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\0895B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08979.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\089B8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\089F6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\089F7.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08A83.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08AA2.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08AF0.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08B2E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08B7C.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08BCA.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08BDA.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08C28.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08CA5.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08D02.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08D12.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08D21.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08D41.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Windows\System32\08DCD.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Programme 1\3GP_Converter034\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\0x0407.ini (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\0x0409.ini (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\0x040c.ini (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\1031.mst (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\1033.mst (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\1036.mst (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\build.id (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\Data132.CAB (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\Nuance PDF Professional 6.msi (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\setup.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\Setup.ini (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\System32\PDFProfessional\WindowsInstaller-KB893803-x86.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2010-04-23 14:25:56 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 21 GB (27%) free of 79 GB Total RAM: 2046 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:26:30, on 23.04.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\mobsync.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\sony\ISB Utility\ISBMgr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Brownie\BrStsWnd.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Brownie\brpjp04a.exe C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\humyo.de SmartDrive\HrfsClient.exe C:\Windows\system\w98eject.exe C:\VistaOSX09\RKLauncher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\***\Desktop\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPT0UFZK\RSIT[1].exe C:\Users\***\Desktop\***.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: IEHelperObject - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.de SmartDrive\HrfsDownloader.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe O4 - HKLM\..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe O4 - HKLM\..\Run: [Nuance PDF Professional 6-reminder] "C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 6\Ereg\Ereg.ini" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Dock.lnk = C:\VistaOSX09\RKLauncher.exe O4 - Startup: Dropbox.lnk = ***\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: humyo SmartDrive.lnk = C:\Program Files\humyo.de SmartDrive\HrfsClient.exe O4 - Global Startup: w98Eject.lnk = C:\Windows\system\w98eject.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - res://C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll /100 O8 - Extra context menu item: Open with PDF Professional 6 - res://C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm O8 - Extra context menu item: Save Image To humyo.de - C:\Program Files\humyo.de SmartDrive\download.html O8 - Extra context menu item: Save Target To humyo.de - C:\Program Files\humyo.de SmartDrive\download.html O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{2EFE0A4B-A6D7-4F13-8331-3D69AC430BF1}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo.de SmartDrive\hrfscore.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 17035 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{18908008-8A08-4050-9C1B-B271C41F12BB}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-17 96984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-01-07 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DC16316-5372-4476-9CA5-88B2786B838F}] IEHelperObject Class - C:\Program Files\humyo.de SmartDrive\HrfsDownloader.dll [2009-11-02 499608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}] PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll [2009-02-06 249856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FE6A929-59D1-4763-91AD-29B61CFFB35B}] CmjBrowserHelperObject Object - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll [2008-12-08 70944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}] ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll [2009-03-26 475136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-18 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-02-10 750256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-17 565960] {2318C2B1-4965-11d4-9B18-009027A5CD4F} {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - Nuance PDF - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll [2009-03-26 475136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-12 118784] "VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2007-05-16 411768] "ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-01-22 321656] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-17 107112] "IS CfgWiz"=C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [2006-11-17 46728] "osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2006-11-17 22696] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-05-11 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-05-11 8429568] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-05-11 81920] "BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352] "MMReminderService"=C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe [2008-12-08 37656] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-07 198160] "NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912] "PDFHook"=C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [2009-08-06 1368064] "PDF6 Registry Controller"=C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [2009-07-27 110880] "Nuance PDF Professional 6-reminder"=C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe [2008-11-03 54560] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe humyo SmartDrive.lnk - C:\Program Files\humyo.de SmartDrive\HrfsClient.exe w98Eject.lnk - C:\Windows\system\w98eject.exe C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dock.lnk - C:\VistaOSX09\RKLauncher.exe Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon] C:\Windows\system32\VESWinlogon.dll [2007-02-13 98304] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{000567f1-0144-11dd-9db0-0013a9c0d80e}] shell\AutoRun\command - H:\Autorun.exe /run shell\Shell00\command - H:\Autorun.exe /run shell\Shell01\command - H:\Autorun.exe /action shell\Shell02\command - H:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3d688a-65d6-11dc-b688-0013a9c0d80e}] shell\AutoRun\command - H:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{358bfab3-b648-11de-8950-9ee0322b6db0}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5702cc1e-3e9e-11df-903e-c627131a4392}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61c80495-9560-11dd-9417-000000000000}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{789c571a-7a0e-11de-b4e8-000000000000}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97833ff4-3c82-11dc-b540-0013a9c0d80e}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af20932f-3f6e-11df-bb61-8c44a89c7a92}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9c6699f-d8f5-11de-a56f-cf33e1c98270}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccc7acf7-f6b8-11dd-8f59-ce9a449fd699}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa54e3ad-747d-11dd-aa8c-000000000000}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn ======File associations====== .scr - open - "%1" /S %* ======List of files/folders created in the last 3 months====== 2010-04-23 14:25:56 ----D---- C:\rsit 2010-04-22 19:59:00 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-04-22 19:58:49 ----D---- C:\ProgramData\Malwarebytes 2010-04-22 19:58:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-22 19:32:25 ----D---- C:\Program Files\CCleaner 2010-04-22 15:04:47 ----D---- C:\Program Files\Alwil Software 2010-04-22 15:04:07 ----D---- C:\ProgramData\Alwil Software 2010-04-18 19:26:21 ----D---- C:\ProgramData\Sun 2010-04-18 19:25:22 ----A---- C:\Windows\system32\javaws.exe 2010-04-18 19:25:22 ----A---- C:\Windows\system32\deployJava1.dll 2010-04-18 19:25:21 ----A---- C:\Windows\system32\javaw.exe 2010-04-18 19:25:21 ----A---- C:\Windows\system32\java.exe 2010-04-18 18:59:15 ----D---- C:\ProgramData\boost_interprocess 2010-04-14 21:21:19 ----D---- C:\Program Files\FRITZ!DSL 2010-04-14 21:21:19 ----D---- C:\Program Files\Common Files\AVM 2010-04-12 19:09:12 ----D---- C:\Users\***\AppData\Roaming\Nuance 2010-04-12 19:09:10 ----D---- C:\Users\***\AppData\Roaming\FLEXnet 2010-04-12 19:07:50 ----D---- C:\ProgramData\ScanSoft 2010-04-12 19:07:14 ----D---- C:\Users\***\AppData\Roaming\Zeon 2010-04-12 19:06:28 ----D---- C:\ProgramData\Nuance 2010-04-12 19:04:45 ----D---- C:\ProgramData\zeon 2010-04-12 19:04:37 ----D---- C:\Program Files\Common Files\ScanSoft Shared 2010-04-12 19:04:34 ----D---- C:\ProgramData\FLEXnet 2010-04-12 19:04:34 ----D---- C:\Program Files\Nuance 2010-04-12 19:00:34 ----D---- C:\Program Files\Tools 2010-04-12 19:00:01 ----D---- C:\Program Files\ReadMe 2010-04-12 19:00:01 ----D---- C:\Program Files\Prerequisite 2010-04-12 19:00:01 ----D---- C:\Program Files\Docs 2010-04-12 18:29:04 ----A---- C:\Windows\cadkasdeinst01.exe 2010-03-21 23:49:29 ----D---- C:\Users\***\AppData\Roaming\DivX 2010-03-17 12:23:42 ----D---- C:\Users\***\AppData\Roaming\Dropbox 2010-03-10 15:16:45 ----D---- C:\Users\***\AppData\Roaming\EndNote 2010-03-10 15:14:25 ----D---- C:\Program Files\Common Files\Risxtd 2010-03-10 15:14:13 ----D---- C:\Program Files\Common Files\ResearchSoft 2010-03-10 15:13:12 ----D---- C:\Program Files\EndNote X3 2010-03-10 15:12:32 ----D---- C:\ProgramData\Thomson.ResearchSoft.Installers 2010-03-10 15:11:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-03-10 15:11:03 ----D---- C:\Program Files\Endnote 2010-03-02 22:18:59 ----D---- C:\Program Files\Common Files\PX Storage Engine 2010-03-02 22:18:33 ----D---- C:\Program Files\DivX 2010-03-02 22:18:33 ----D---- C:\Program Files\Common Files\DivX Shared 2010-02-26 17:54:33 ----D---- C:\Windows\{665DADBF-390D-4C50-98A6-88C7B2690B3E} 2010-02-18 17:54:36 ----D---- C:\Users\***\AppData\Roaming\T-Online ======List of files/folders modified in the last 3 months====== 2010-04-23 14:26:20 ----AD---- C:\ProgramData\TEMP 2010-04-23 14:22:22 ----D---- C:\Windows\Temp 2010-04-23 14:08:00 ----A---- C:\Windows\Brownie.ini 2010-04-23 14:06:54 ----D---- C:\Windows\system32\drivers 2010-04-23 14:05:00 ----D---- C:\Windows\Resources 2010-04-23 14:00:54 ----RD---- C:\Program Files 2010-04-23 14:00:53 ----D---- C:\Windows\System32 2010-04-23 10:40:30 ----D---- C:\Windows\inf 2010-04-23 10:40:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-04-23 09:45:51 ----D---- C:\Windows 2010-04-22 19:59:09 ----D---- C:\Windows\Prefetch 2010-04-22 19:58:49 ----HD---- C:\ProgramData 2010-04-22 19:51:45 ----D---- C:\Windows\Minidump 2010-04-22 19:51:45 ----D---- C:\Windows\Debug 2010-04-22 15:51:58 ----D---- C:\Program Files\Avast 2010-04-22 15:06:01 ----SHD---- C:\Windows\Installer 2010-04-22 15:05:59 ----D---- C:\Windows\winsxs 2010-04-22 15:04:42 ----SHD---- C:\System Volume Information 2010-04-22 14:41:25 ----D---- C:\Windows\system32\Tasks 2010-04-20 22:32:24 ----D---- C:\Users\***\AppData\Roaming\Canon 2010-04-19 18:30:50 ----A---- C:\Windows\BRWMARK.INI 2010-04-18 19:26:19 ----D---- C:\Program Files\Common Files\Java 2010-04-18 19:24:42 ----D---- C:\Program Files\Java 2010-04-18 18:58:31 ----D---- C:\Program Files\humyo.de SmartDrive 2010-04-18 18:51:10 ----A---- C:\Windows\ricdb.ini 2010-04-14 21:21:19 ----D---- C:\Program Files\Common Files 2010-04-14 21:21:13 ----D---- C:\Windows\system32\catroot2 2010-04-14 18:47:03 ----A---- C:\Windows\system32\aswBoot.exe 2010-04-12 18:51:25 ----D---- C:\Users\***\AppData\Roaming\kikin 2010-04-09 07:36:27 ----D---- C:\Program Files\Mozilla Firefox 2010-04-08 07:02:57 ----D---- C:\Windows\system32\Samsung_USB_Drivers 2010-04-07 08:21:20 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-04-07 08:00:04 ----D---- C:\Users\***\AppData\Roaming\skypePM 2010-04-07 06:52:07 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-07 06:51:24 ----D---- C:\Windows\system32\catroot 2010-04-01 04:42:58 ----D---- C:\Windows\system32\LogFiles 2010-03-31 14:18:56 ----A---- C:\Windows\system32\hrfsnp.dll 2010-03-23 00:01:42 ----D---- C:\Program Files\kikin 2010-03-12 01:09:24 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2010-03-09 14:37:25 ----D---- C:\ProgramData\maxdome 2010-02-23 01:36:04 ----D---- C:\Program Files\ICQ6.5 2010-02-21 18:05:21 ----A---- C:\Windows\PHLASH.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-04-14 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-04-14 162768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-04-14 46672] R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2006-10-18 10216] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2006-11-17 387432] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070809.002\IDSvix86.sys [2007-06-07 212280] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-02-01 25400] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-04-14 19024] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-01-10 12672] R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-10 8192] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-01-12 140800] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 hrfsmrx;hrfsmrx; C:\Windows\System32\Drivers\hrfsmrx.sys [2010-03-31 144368] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-01-10 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-01-10 206848] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 2222080] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-05-11 7115072] R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-03-15 74240] R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-03-15 43904] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192] R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2007-02-06 27520] R3 SonyImgF;Sony Image Conversion Filter Driver; C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-05-14 109744] R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 812544] R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 WDMWANMP;NDIS WAN miniport; C:\Windows\system32\DRIVERS\wdmwanmp.sys [2003-01-13 26435] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-01-10 659968] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 195584] S3 BIPAC_u;ISDN USB CAPI; C:\Windows\system32\DRIVERS\BIPAC_u.sys [2003-04-19 732416] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070812.007\NAVENG.SYS [2007-07-23 81232] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070812.007\NAVEX15.SYS [2007-07-23 865904] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys [2007-02-06 206336] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-12-12 407640] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-02-01 247608] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-02-01 276792] S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792] S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728] S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-17 107624] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-17 107624] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-17 107624] R2 IGDCTRL;AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R2 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-07-27 134944] R2 SCM_Service;SCM_Service; C:\Windows\System32\WinService.exe [2007-03-29 180224] R2 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-09-13 102400] R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-11-17 46736] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784] R2 VAIO Event Service;VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [2007-02-13 182392] R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2006-11-28 172032] R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2006-11-28 135168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-10 386560] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R3 humyo.com;humyo.com; C:\Program Files\humyo.de SmartDrive\hrfscore.exe [2010-03-31 3141616] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-11-28 274432] S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-11-17 49296] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 ISPwdSvc;Symantec IS Kennwortprüfung; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-11-17 80552] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe [2006-12-14 45056] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [2006-12-14 57344] S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [2007-01-24 112184] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [2006-12-14 69632] S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [2007-01-24 75320] S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-05-14 1174152] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-01-10 73728] S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2007-01-16 2523136] S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312] S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536] S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-01-08 491520] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] -----------------EOF----------------- |
|
23.04.2010, 14:04
| #2 |
| |  Trojaner in System32Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-04-23 14:26:39
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->Dummy
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55B781F0-060E-11D4-99D7-00C04FCCB775}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C183A21C-395A-490F-99D4-CCAB35E32859}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x7 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x7 -removeonly
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Anki-->"C:\Program Files\Anki\uninstall.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
AS Lernen-->MsiExec.exe /I{1686816B-367A-4EA6-9C20-F694A5511C13}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x7 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38ADCC8D-2D58-4D45-9E75-C5638100B899}\setup.exe" -l0x7 -removeonly /uninst
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
CanoScan Toolbox Ver4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x7 anything
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Citavi 2.5-->C:\Program Files\Citavi\Deinstallieren.exe
Click to DVD 2.0.05 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x7 -removeonly
Click to DVD 2.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x7 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSD Direct-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}\setup.exe" -l0x7 -removeonly
DSD Playback Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}\setup.exe" -l0x7 -removeonly
EndNote X3-->MsiExec.exe /I{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}
freenet.de Zugangssoftware-->C:\freenet\SXUNINST.EXE
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Users\Angelika\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
humyo SmartDrive-->"C:\Program Files\humyo.de SmartDrive\unins000.exe"
i.Beat organix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82108DD2-3377-4A1D-9F2E-8F087E128AA0}\setup.exe" -l0x7
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}\setup.exe" -l0x7 -remove -removeonly
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
kikin Plugin (NO23 Edition) 2.0-->C:\Program Files\kikin\uninst.exe
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
maxdome - Online Videothek Version 3.1.0-->"C:\Program Files\maxdome\maxdome - Online Videothek\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Mindjet MindManager 8-->MsiExec.exe /I{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero BackItUp 2 Essentials-->MsiExec.exe /X{DF9F9A90-CEFD-4808-815F-E16932271031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
n-tv plus-->MsiExec.exe /X{04FDCC5E-4B50-4A08-804D-D82DDFB1589F}
Nuance PDF Professional 6-->MsiExec.exe /X{753815D6-20EF-405E-9A3B-C1CB5B05D299}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Limited Patch 4.7-07-13-24-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-13-24-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Pegasus Imaging PICVideo Motion JPEG 3.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{37FF74E1-843A-4431-AA07-E73E2B847CA4}
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x7 -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrimoPDF-->"C:\Windows\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
R for Windows 2.9.2-->"C:\Program Files\R\R-2.9.2\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
ResearchSoft Direct Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x0007 -removeonly
Schreibmaschinenkurs 3.5 Shareware-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{661E5E8A-C9AF-4815-8996-C2A809196864}\setup.exe" -l0x7
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x7 UNINSTALL -removeonly
Shape Collage-->C:\Program Files\Shape Collage\uninstall.exe
Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x7 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x7 -removeonly
SonicStage Mastering Studio Plug-Ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x7 -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x7 -removeonly
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x7 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x7 UNINSTALL -removeonly
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x7 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
The Anonymous Mailer-->C:\Windows\unin0407.exe -f"c:\program files\anonymous mailer\DeIsL1.isu" -c"c:\program files\anonymous mailer\_ISREG32.DLL"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VAIO Aqua Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly
VAIO AV Mode Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{428A6DA3-FD56-44AE-B602-15DCCD6A7515}\setup.exe" -l0x7 -removeonly
VAIO Camera Capture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x7 -removeonly
VAIO Camera Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\setup.exe" -l0x7 -removeonly
VAIO Content Importer / VAIO Content Exporter-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0007 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC37C108-821D-4EDE-8F40-D5B497586805}\setup.exe" -l0x7 -removeonly
VAIO Cozy Orange Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly
VAIO Data Restore Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe" -l0x7 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -l0x7 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x7 -removeonly
VAIO Hardware Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A947C2B3-7445-42C4-9063-EE704CACCB22}\Setup.exe" -l0x7
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x7 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Integrated Server 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x7
VAIO Photo 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}\setup.exe" -l0x9 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Tender Green Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x7 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Mail-->MsiExec.exe /I{82F2B38B-1426-443D-874C-AC25675E7BEB}
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407
WinSCP 4.1.9-->"C:\Program Files\WinSCP\unins000.exe"
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x7 -removeonly
======Security center information======
AV: Norton Internet Security
FW: Norton Internet Security (disabled)
AS: Windows-Defender
AS: Norton Internet Security (outdated)
======System event log======
Computer Name: ***-PC
Event Code: 7036
Message: Dienst "KtmRm für Distributed Transaction Coordinator" befindet sich jetzt im Status "Ausgeführt".
Record Number: 470877
Source Name: Service Control Manager
Time Written: 20100423121001.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 7036
Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".
Record Number: 470878
Source Name: Service Control Manager
Time Written: 20100423121001.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 14204
Message: Dienst "WMPNetworkSvc" wurde gestartet.
Record Number: 470879
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20100423121002.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Windows Media Player-Netzwerkfreigabedienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 470880
Source Name: Service Control Manager
Time Written: 20100423121002.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 470881
Source Name: Microsoft-Windows-TBS
Time Written: 20100423121001.250340-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST
=====Application event log=====
Computer Name: ***-PC
Event Code: 15457
Message: Die Konfigurationsoption 'max server memory (MB)' wurde von 255 in 255 geändert. Führen Sie zum Installieren die RECONFIGURE-Anweisung aus.
Record Number: 162781
Source Name: MSSQL$VAIO_VEDB
Time Written: 20100423120742.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: ***-PC
Event Code: 1
Message: Der Dienst wurde gestartet.
Record Number: 162782
Source Name: VzCdbSvc
Time Written: 20100423120742.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 1
Message: Der Dienst wurde gestartet.
Record Number: 162783
Source Name: VzFw
Time Written: 20100423120742.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 0
Message:
Record Number: 162784
Source Name: NMIndexingService
Time Written: 20100423120806.000000-000
Event Type: Informationen
User:
Computer Name: ***-PC
Event Code: 0
Message:
Record Number: 162785
Source Name: humyo.com
Time Written: 20100423120824.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: ***-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 108595
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100423122624.814740-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 108596
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100423122624.933740-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 108597
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100423122625.054740-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 108598
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100423122625.165740-000
Event Type: Überwachung gescheitert
User:
Computer Name: ***-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 108599
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100423122625.303740-000
Event Type: Überwachung gescheitert
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
-----------------EOF-----------------
Ich wäre wirklich sehr, sehr, sehr dankbar, wenn mir jemand auf diesem Wege bei meinem Problem helfen könnte. DANKE! |
|
23.04.2010, 19:09
| #3 | |
 | Trojaner in System32 Der Kopf von Malwarebytes-Log fehlt. Poste in Zukunft nur vollständige Logs.
__________________Alle Progs mit Rechtsklick "Als Administrator ausführen" starten. 1.http://www.trojaner-board.de/51187-a...i-malware.html (Quick Scan) Denk daran die evt. Funde zu entfernen (s. Anleitung). Log posten. 2. http://www.trojaner-board.de/74908-a...t-scanner.html Log posten. 3. Hol dir OTL Starte OTL Kopiere unten in das Skript-Feld rein: Zitat:
Schließe alle anderen Programme. Klicke auf Quick Scan. Poste die beiden Logs - OTL.txt und Extras.txt (werden im gleichen Verzeichnis erstellt, in dem OTL ausgeführt wurde). Allerdings: Du hattest/hast Bifrose auf dem Rechner. Neuaufsetzen mit anschließendem Ändern aller Passwörter (e-mail, e-bay usw) wäre hier die sicherste Vorgehensweise. |
|
28.04.2010, 10:44
| #4 |
| | Trojaner in System32 Hallo Sion, Erst einmal vielen, vielen Dank für die schnelle und ausführliche Antwort! Leider komme ich erst jetzt dazu, mich wieder damit zu beschäftigen. Zunächst mein Malwarebytes' Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 4023
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
23.04.2010 20:25:50
mbam-log-2010-04-23 (20-25-50).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 106910
Laufzeit: 5 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Unerwartetes Herunterfahren
Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6001.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 50
BCP1: D5979040
BCP2: 00000000
BCP3: A145ED3D
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini042310-01.dmp
C:\Users\***\AppData\Local\Temp\WER-608201-0.sysdata.xml
C:\Users\***\AppData\Local\Temp\WER8DEC.tmp.version.txt
1. "Extras.txt" Code:
ATTFilter OTL Extras logfile created on: 24.04.2010 15:26:22 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 77,20 Gb Total Space | 19,70 Gb Free Space | 25,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 62,07 Gb Total Space | 7,54 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = scrfile] -- "%1" /S "%3"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08ED7000-8B44-46C5-B8BB-54798ADAFF28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E7FAEF1-B2C6-4FE2-993E-D45A85580BBB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{16328C51-B613-421B-8F1B-9CBB2B3C175A}" = lport=2274 | protocol=6 | dir=in | name=rdxbg |
"{4CD4E23C-F9D1-4D79-B7F3-D52AC0312C39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CFF2BF1-181F-426E-8AA7-9CAD60FA5EA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8679C320-12F4-4480-9A88-5322AEB184DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D22D1F1-8DB1-4975-936B-657234336792}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D867A04-3114-4EED-A7DA-1BA4643DA977}" = lport=80 | protocol=6 | dir=in | name=uni |
"{9226379E-15B7-4936-9C12-A8F7DE015416}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DCB7945-D98B-4F37-B636-9F1426E506C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD6A385E-1D0C-427A-9222-495A688E16BE}" = lport=2274 | protocol=6 | dir=in | name=rdxbg |
"{CCFFC466-DB6E-4607-A645-841AE9150EB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE47676A-6381-4588-AC70-F54C04BF9E89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3DEE5B9-848B-4915-B3A0-F21786D2910F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA624009-7E81-46A2-A07D-8D5886EA84F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB031A48-8B3C-4200-B5A1-D58EECC57063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064CB368-95D3-41E3-A44B-D9CCFCB19158}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0917C4AC-5409-441E-8EEA-D590DD57C26F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AE274DF-B174-4F18-89F2-455F38C9EBC0}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{0D89C171-88D2-4243-B249-623162E67430}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{17B1ED26-318C-46F0-9ACD-15286115FF37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1A48ACAE-6A81-47DA-B664-4289746C097E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2234AF00-2E3B-4D86-A489-FF93ADA07D01}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2649BDBC-EA1B-40D9-AF68-B5B645062EF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3134E31E-9975-42D9-9CE9-2919FFEADBC1}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{328E0A2D-9E70-4067-9105-C4274E33BB55}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{423477D6-0A13-46CF-84B1-1FD5981DB28F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48AEA22A-D3B3-44A0-81ED-D8D2008AA1DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50CD381A-93C9-4F51-A040-F79CE34B8451}" = protocol=17 | dir=in | app=c:\program files\humyo.de smartdrive\unins000.exe |
"{55996F04-DA73-491B-80D6-5700FFD76628}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{57A7360B-0F25-4310-BDAD-0B0E8334F93B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5839F773-2737-49CE-94B8-5FC221A552C4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{58F725AB-C927-4C15-BD80-52DAFEE00C5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B3A9718-A475-49E3-9C55-D7CF29731171}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{5DA7920E-4001-419E-AE69-3A97A2E95A9A}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{5E97DE0E-00AC-4336-922E-223A793D7DF3}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{63E92C31-81F3-44E3-AEE4-6EF059E00F5F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{66E4C544-19FA-4C04-9D8C-0FE180091233}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{6F243377-9CF4-4EAD-A2D5-1BE17845747E}" = protocol=6 | dir=out | app=system |
"{838F44FC-0CA6-44EC-8978-580C596F476D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83BBEA79-E8FF-49EE-A410-366EE20C9BB0}" = protocol=17 | dir=in | app=c:\program files\humyo.de smartdrive\hrfsclient.exe |
"{867F8271-6A5F-480C-8921-699E4A5A3082}" = protocol=6 | dir=in | app=c:\program files\humyo.de smartdrive\unins000.exe |
"{87DF80D6-46FF-4EE2-96D2-5D2A69C8CA80}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{98568EE0-37B9-4AA5-A635-89A8BAE44102}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{9F0D4954-4CE7-42B7-8330-BFB173C91329}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A345D94A-5867-46DD-8666-59F9D5F37C3D}" = protocol=6 | dir=in | app=c:\program files\humyo.de smartdrive\hrfsclient.exe |
"{B030B0F6-02A9-43F0-849F-2ED5C4044199}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C8A22676-FA29-464E-9D32-DBEEB6EE80D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC597697-45A2-42F5-B046-9A68F7B23513}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D0E4209C-6883-4924-807F-8CC404836A3B}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D4BA67CD-529A-43EB-9620-4723AFBBC91E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6B2A92B-B94D-4DD0-9326-38E1F88F0835}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEA30E13-94A1-4250-BAD0-080DD10EDA42}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DEEA62A0-D775-448E-B283-40677A0587BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC5B9882-E486-41B7-897A-ED0F18E669E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1D5CE91-22E6-4636-BF91-BA56E5322CCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6F739B5-DB3A-4307-A8E7-0CCBAE5C8427}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{16263C58-CB40-4142-ADEF-D19ADB742CE3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{41C4850E-7E7F-4B95-94F8-AA01BB549DB6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{430F32D2-6E06-4A44-A99F-CE57595550CA}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{43C3D580-1CCF-4641-BC75-FAACEDAD7C67}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{7C1DF8DA-E90A-4120-8DAD-2754437DBC3D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{BA5A077A-BDE7-4188-AE37-9C9E6A3AA04F}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe |
"TCP Query User{BB1BE0D8-C6BF-4081-A4A7-C8310FA62E9F}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{CF242299-02C5-4757-A790-022F9A9777E5}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FC4F6EE4-9F3E-4799-A8AF-24B329357BAD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FD2E52B5-6666-469D-A449-47FFB996694F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{1095B565-C537-4D08-817C-9F5B34DB110D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{122ED112-F615-4A65-ACBB-26A60FFA5274}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{24873694-778B-4F85-8E7D-4209BF5CF504}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3C505759-8899-432F-9C30-B399F71CC18F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{7EB9DB37-7DFC-42B3-B4D1-44303BC3FC5D}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe |
"UDP Query User{87738BB9-5E9E-495A-8C09-C73D49981CBF}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{9A1837E0-4F04-458A-AA2C-3C8DB744934C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9DC8F32B-D358-4264-9D27-DEC8F3958104}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C58B3E26-BBC6-41B1-B56F-8F975870EA40}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E377F2D6-A05A-464E-A54C-C93913A59B19}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04FDCC5E-4B50-4A08-804D-D82DDFB1589F}" = n-tv plus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0AAE6279-45D3-4E87-A8C5-0E6F29BC2C32}" = VAIO Content Importer VAIO Content Exporter
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen
"{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"{38ADCC8D-2D58-4D45-9E75-C5638100B899}" = Brother HL-2140
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" =
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" =
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{661E5E8A-C9AF-4815-8996-C2A809196864}" = Schreibmaschinenkurs 3.5 Shareware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753815D6-20EF-405E-9A3B-C1CB5B05D299}" = Nuance PDF Professional 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{82108DD2-3377-4A1D-9F2E-8F087E128AA0}" = i.Beat organix
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plug-Ins
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C183A21C-395A-490F-99D4-CCAB35E32859}" =
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DF9F9A90-CEFD-4808-815F-E16932271031}" = Nero BackItUp 2 Essentials
"{E2C89ACC-BE86-4335-8A3E-418220DD132D}" = Symantec Real Time Storage Protection Component
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (NO23 Edition) 2.0
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anki" = Anki
"avast5" = avast! Free Antivirus
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"freenet.de Zugangssoftware" = freenet.de Zugangssoftware
"HFRS_is1" = humyo SmartDrive
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"PrimoPDF4.1.0.9" = PrimoPDF
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"RealPlayer 12.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ShapeCollage" = Shape Collage
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"TeamViewer 4" = TeamViewer 4
"The Anonymous Mailer" = The Anonymous Mailer
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.1.9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 18.04.2010 13:07:58 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 19.04.2010 04:10:35 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 19.04.2010 04:10:35 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 19.04.2010 17:52:21 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 19.04.2010 17:52:22 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 20.04.2010 07:17:14 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 20.04.2010 07:17:14 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 21.04.2010 04:06:14 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 21.04.2010 04:06:14 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
Error - 22.04.2010 03:35:36 | Computer Name = ***-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 24.04.2010 08:16:29 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:29 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:34 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:34 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:49 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:49 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:50 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:50 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:52 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.04.2010 08:16:52 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 03.11.2009 12:41:20 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 04.11.2009 19:23:55 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 30.11.2009 06:06:33 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 30.11.2009 09:42:36 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 06.01.2010 17:14:34 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
Error - 21.03.2010 20:34:14 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 22.04.2010 13:31:10 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ OSession Events ]
Error - 14.07.2008 11:07:47 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.04.2009 18:48:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 160
seconds with 60 seconds of active time. This session ended with a crash.
Error - 28.09.2009 16:54:17 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 536
seconds with 480 seconds of active time. This session ended with a crash.
Error - 29.10.2009 20:54:14 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9403 seconds with 6120 seconds of active time. This session ended with a
crash.
Error - 23.11.2009 09:34:15 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 60353
seconds with 4620 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 23.04.2010 10:35:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23.04.2010 10:35:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 23.04.2010 15:17:11 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.04.2010 um 21:15:21 unerwartet heruntergefahren.
Error - 23.04.2010 15:18:18 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 23.04.2010 15:18:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23.04.2010 15:18:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 23.04.2010 17:13:17 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.04.2010 um 21:32:03 unerwartet heruntergefahren.
Error - 23.04.2010 17:13:43 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 23.04.2010 17:14:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23.04.2010 17:14:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =
< End of report >
|
|
28.04.2010, 12:37
| #5 |
| | Trojaner in System32 Leider bekomme ich folgende Fehlermeldung, wenn ich versuche, "OTL.txt" zu posten (habe aber die max. Länge von Einträgen eingehalten): Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 Ich werde es später noch einmal versuchen. |
|
28.04.2010, 12:48
| #6 |
| | Trojaner in System32 2. "OTL.txt" Code:
ATTFilter OTL logfile created on: 24.04.2010 15:26:22 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 77,20 Gb Total Space | 19,70 Gb Free Space | 25,52% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 62,07 Gb Total Space | 7,54 Gb Free Space | 12,14% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.04.24 15:24:47 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.03.31 14:18:48 | 003,141,616 | ---- | M] (humyo.com Ltd.) -- C:\Program Files\humyo.de SmartDrive\hrfscore.exe PRC - [2010.01.07 13:04:47 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009.10.03 00:34:42 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe PRC - [2009.08.24 16:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2009.08.06 18:01:14 | 001,368,064 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe PRC - [2009.07.27 02:15:46 | 000,050,976 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\NuanceWDS.exe PRC - [2009.07.27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe PRC - [2009.03.03 04:38:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe PRC - [2008.12.08 03:54:14 | 000,037,656 | ---- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2008.02.21 16:41:10 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe PRC - [2008.01.22 17:23:04 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE PRC - [2007.07.31 20:37:34 | 000,815,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe PRC - [2007.07.23 18:45:48 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.05.16 20:07:16 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe PRC - [2007.03.29 18:42:44 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinService.exe PRC - [2007.03.16 22:05:20 | 000,708,608 | ---- | M] (RaduKing) -- C:\VistaOSX09\RKLauncher.exe PRC - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe PRC - [2007.02.13 15:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.02.09 10:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.02.02 21:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007.02.02 20:28:06 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007.02.02 14:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.22 20:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe PRC - [2007.01.12 22:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.01.12 07:52:26 | 000,180,224 | ---- | M] (ALPS) -- C:\Program Files\Apoint\Apvfb.exe PRC - [2007.01.12 07:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2007.01.12 07:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe PRC - [2007.01.12 07:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2006.11.17 04:08:00 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.11.17 04:07:00 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2006.10.27 20:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe PRC - [2006.04.26 03:37:00 | 000,061,440 | ---- | M] (Sigmatel) -- C:\Windows\system\w98eject.exe PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (SafeList) ========== MOD - [2010.04.24 15:24:47 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll MOD - [2006.09.07 06:58:56 | 000,057,344 | ---- | M] (RaduKing) -- C:\VistaOSX09\RKLauncher.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (gusvc) SRV - File not found [Auto | Stopped] -- -- (guobzea) SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.03.31 14:18:48 | 003,141,616 | ---- | M] (humyo.com Ltd.) [On_Demand | Running] -- C:\Program Files\humyo.de SmartDrive\hrfscore.exe -- (humyo.com) SRV - [2009.08.24 16:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009.07.27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB) SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2007.10.25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.05.14 16:25:52 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2007.03.29 18:42:44 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (SCM_Service) SRV - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.02.02 14:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.24 16:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007.01.24 16:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007.01.16 14:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.10 10:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007.01.08 17:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2006.11.17 04:08:00 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.11.17 04:08:00 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.11.17 04:08:00 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.11.17 04:07:00 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006.11.17 04:06:00 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.11.17 04:05:00 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.04.14 18:31:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.03.31 14:18:52 | 000,144,368 | ---- | M] (humyo.com Ltd.) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx) DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.07.23 10:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070812.007\NAVEX15.SYS -- (NAVEX15) DRV - [2007.07.23 10:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070812.007\NAVENG.SYS -- (NAVENG) DRV - [2007.06.21 05:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.07 10:24:04 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070809.002\IDSvix86.sys -- (IDSvix86) DRV - [2007.05.14 16:28:16 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2007.05.11 22:57:00 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.04.05 03:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF) DRV - [2007.03.15 21:19:32 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.03.15 21:19:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.02.08 05:10:48 | 000,195,584 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh) DRV - [2007.02.06 22:20:44 | 000,206,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187) DRV - [2007.02.06 07:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2007.02.01 04:36:14 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.02.01 04:36:14 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.02.01 04:36:13 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.01.24 14:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.01.18 12:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP) DRV - [2007.01.12 21:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.01.12 21:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.01.12 07:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.01.10 13:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.01.10 13:09:11 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.01.10 13:09:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.01.10 13:09:08 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2006.12.12 01:56:28 | 000,407,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.17 04:08:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.18 11:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2003.04.19 11:14:48 | 000,732,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BIPAC_u.sys -- (BIPAC_u) DRV - [2003.01.13 18:41:58 | 000,026,435 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdmwanmp.sys -- (WDMWANMP) ========== Standard Registry (SafeList) ========== |
|
28.04.2010, 12:52
| #7 |
| | Trojaner in System32 So, jetzt hat es geklappt. Hier die Fortsetzung: Code:
ATTFilter ========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.zu-taten.de/"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: hrfsdownloader@hrfs.com:2.1.1.0
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3.1
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.2
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: nuance@pdf6:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.15 22:25:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.18 19:25:23 | 000,000,000 | ---D | M]
[2009.04.28 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.04.28 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.04.24 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions
[2009.09.08 15:06:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.07 20:20:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.11.28 21:00:49 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.18 19:18:38 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.01.22 12:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.03.23 00:01:43 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.03.23 14:22:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.08 14:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\Foxdie@tanjihay.com
[2010.01.08 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009.11.28 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\FoxdieGraphite@tanjihay.com
[2010.03.14 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\zotero@chnm.gmu.edu
[2010.01.03 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bexdf75g.default\extensions\zoteroWinWordIntegration@zotero.org
[2009.09.30 15:43:16 | 000,002,443 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bexdf75g.default\searchplugins\google-scholar.xml
[2010.04.24 01:12:26 | 000,001,595 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bexdf75g.default\searchplugins\ixquick---deutsch.xml
[2010.04.24 14:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.09.23 17:58:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.08 19:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.04.18 19:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.11.18 15:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\hrfsdownloader@hrfs.com
[2008.09.04 17:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2006.05.06 18:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libvlc.dll
[2010.04.18 19:24:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006.05.06 18:42:04 | 000,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\mozilla firefox\plugins\npvlc.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2008.09.10 14:49:14 | 005,817,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010.03.13 12:49:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:49:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 12:49:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:49:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:49:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEHelperObject Class) - {4DC16316-5372-4476-9CA5-88B2786B838F} - C:\Program Files\humyo.de SmartDrive\HrfsDownloader.dll (humyo.com Ltd.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe File not found
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dock.lnk = C:\VistaOSX09\RKLauncher.exe (RaduKing)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 6 - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Save Image To humyo.de - C:\Program Files\humyo.de SmartDrive\download.html ()
O8 - Extra context menu item: Save Target To humyo.de - C:\Program Files\humyo.de SmartDrive\download.html ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\2007VAIO_SS07.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\2007VAIO_SS07.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{000567f1-0144-11dd-9db0-0013a9c0d80e}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{000567f1-0144-11dd-9db0-0013a9c0d80e}\Shell\Shell00\Command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{000567f1-0144-11dd-9db0-0013a9c0d80e}\Shell\Shell01\Command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{000567f1-0144-11dd-9db0-0013a9c0d80e}\Shell\Shell02\Command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{0e3d688a-65d6-11dc-b688-0013a9c0d80e}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.06.20 20:15:38 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: guobzea - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 90 Days ==========
[2010.04.24 15:24:44 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.23 14:25:59 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\***.exe
[2010.04.23 14:25:56 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.22 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.22 19:58:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.22 19:58:49 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 19:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.22 19:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.22 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.22 19:15:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HijackThis.exe
[2010.04.22 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.04.22 15:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.04.21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Knieoperation
[2010.04.18 19:29:14 | 000,000,000 | ---D | C] -- C:\Users\***\.thinupload
[2010.04.18 19:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.18 18:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.04.14 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!DSL
[2010.04.14 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVM
[2010.04.12 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Nuance.PDF.Converter.Professional.Enterprise.v5.0-AGAiN
[2010.04.12 19:09:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance
[2010.04.12 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2010.04.12 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2010.04.12 19:07:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zeon
[2010.04.12 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2010.04.12 19:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2010.04.12 19:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010.04.12 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010.04.12 19:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.04.12 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Tools
[2010.04.12 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\ReadMe
[2010.04.12 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Prerequisite
[2010.04.12 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Docs
[2010.03.21 23:49:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.03.17 12:27:00 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\My Dropbox
[2010.03.17 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.03.14 13:09:14 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nachhilfe
[2010.03.10 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EndNote
[2010.03.10 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2010.03.10 15:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2010.03.10 15:14:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2010.03.10 15:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X3
[2010.03.10 15:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2010.03.10 15:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.03.10 15:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Endnote
[2010.03.02 22:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.03.02 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.03.02 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DivX Movies
[2010.03.02 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.02.26 17:54:33 | 000,000,000 | ---D | C] -- C:\Windows\{665DADBF-390D-4C50-98A6-88C7B2690B3E}
[2010.02.18 17:54:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\T-Online
[2008.08.26 23:47:20 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\capi2032.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.04.24 15:30:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18908008-8A08-4050-9C1B-B271C41F12BB}.job
[2010.04.24 15:28:11 | 004,980,736 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.04.24 15:25:27 | 000,184,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.04.24 15:24:47 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.24 13:47:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.24 13:47:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.24 13:47:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 23:32:57 | 000,000,275 | ---- | M] () -- C:\Windows\Brownie.ini
[2010.04.23 23:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.23 23:13:13 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.23 23:12:38 | 263,653,185 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.23 21:29:13 | 000,019,140 | ---- | M] () -- C:\Users\***\Desktop\Unerwartetes Herunterfahren.docx
[2010.04.23 20:33:03 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\zzpqutko.exe
[2010.04.23 15:12:09 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{947d241a-f05e-11dd-9c5c-a9525b0458ea}.TMContainer00000000000000000001.regtrans-ms
[2010.04.23 15:12:09 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{947d241a-f05e-11dd-9c5c-a9525b0458ea}.TM.blf
[2010.04.23 15:11:03 | 001,921,822 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.04.23 15:10:45 | 000,049,242 | ---- | M] () -- C:\Users\***\Desktop\Trojaner-Board.docx
[2010.04.23 10:40:30 | 001,566,174 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.23 10:40:30 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.23 10:40:30 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.23 10:40:30 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.23 10:40:30 | 000,118,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.22 19:58:54 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.22 19:32:26 | 000,001,670 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.04.22 15:06:11 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.04.22 15:06:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.04.19 23:27:59 | 000,038,400 | ---- | M] () -- C:\Users\***\Desktop\Ein Beschwerdebrief von Stern.doc
[2010.04.19 18:31:26 | 000,078,542 | ---- | M] () -- C:\Users\***\Desktop\periodensystem.png
[2010.04.19 18:30:50 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.04.18 18:57:07 | 000,000,837 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\humyo SmartDrive.lnk
[2010.04.18 18:51:10 | 000,000,079 | ---- | M] () -- C:\Windows\ricdb.ini
[2010.04.15 09:46:18 | 000,457,565 | ---- | M] () -- C:\Users\***\Desktop\NFM4WA.pdf
[2010.04.14 21:23:35 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.04.14 18:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.04.14 14:32:17 | 000,335,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.12 19:16:59 | 000,087,616 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.12 19:16:47 | 000,006,594 | ---- | M] () -- C:\Users\***\Desktop\4793516e9a72f0c0a31426e77881dcd785c.zip
[2010.04.12 19:07:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.04.12 19:06:09 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2010.04.12 18:29:04 | 000,073,216 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.10 09:44:24 | 000,048,067 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.10 09:43:19 | 000,049,482 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.10 09:27:20 | 000,047,538 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.04 02:36:20 | 000,018,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.04 01:00:26 | 000,111,199 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.03.31 14:19:00 | 000,270,320 | ---- | M] (humyo.com Ltd.) -- C:\Windows\System32\HrfsControlApplet.cpl
[2010.03.31 14:18:56 | 000,192,496 | ---- | M] (humyo.com Ltd.) -- C:\Windows\System32\hrfsnp.dll
[2010.03.31 14:18:52 | 000,144,368 | ---- | M] (humyo.com Ltd.) -- C:\Windows\System32\drivers\hrfsmrx.sys
[2010.03.30 02:23:12 | 007,732,451 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 06:00:49 | 000,432,550 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.03.28 05:59:21 | 000,618,340 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.03.24 22:12:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.23 03:59:43 | 000,133,501 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.03.19 19:46:20 | 000,028,568 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.03.17 12:27:00 | 000,000,985 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2010.03.17 12:27:00 | 000,000,965 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.03.14 20:27:46 | 000,001,481 | ---- | M] () -- C:\Users\***\.JGRprefsrc
[2010.03.14 20:27:46 | 000,001,407 | ---- | M] () -- C:\Users\***\.JGREditorprefsrc
[2010.03.14 20:00:29 | 000,000,819 | ---- | M] () -- C:\Users\***\.plugins.cfg
[2010.03.10 15:16:21 | 000,000,747 | ---- | M] () -- C:\Users\***\Desktop\EndNote.lnk
[2010.02.21 18:09:02 | 000,184,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.02.21 18:05:31 | 001,051,419 | ---- | M] () -- C:\Windows\BiosRead.ROM
[2010.02.21 18:05:21 | 000,000,270 | ---- | M] () -- C:\Windows\PHLASH.INI
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
|
|
28.04.2010, 12:53
| #8 |
| | Trojaner in System32 Und hier der letzte Teil: Code:
ATTFilter ========== Files Created - No Company Name ==========
[2010.04.23 21:29:09 | 000,019,140 | ---- | C] () -- C:\Users\***\Desktop\Unerwartetes Herunterfahren.docx
[2010.04.23 21:17:14 | 263,653,185 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.23 20:33:01 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\zzpqutko.exe
[2010.04.23 15:10:44 | 000,049,242 | ---- | C] () -- C:\Users\***\Desktop\Trojaner-Board.docx
[2010.04.22 19:58:54 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.22 19:32:26 | 000,001,670 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.04.22 15:06:11 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.04.19 23:27:58 | 000,038,400 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.04.19 18:31:23 | 000,078,542 | ---- | C] () -- C:\Users\***\Desktop\***.png
[2010.04.18 18:57:07 | 000,000,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\humyo SmartDrive.lnk
[2010.04.15 09:46:17 | 000,457,565 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.14 21:21:20 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk
[2010.04.12 19:17:39 | 000,005,106 | ---- | C] () -- C:\Users\***\Desktop\keygen.nfo
[2010.04.12 19:16:46 | 000,006,594 | ---- | C] () -- C:\Users\***\Desktop\4793516e9a72f0c0a31426e77881dcd785c.zip
[2010.04.12 19:06:09 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2010.04.12 18:29:04 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.10 09:44:24 | 000,048,067 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.10 09:43:19 | 000,049,482 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.10 09:27:18 | 000,047,538 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.04 01:00:24 | 000,111,199 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.03.30 02:23:11 | 007,732,451 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.03.28 06:00:49 | 000,432,550 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.03.28 05:59:21 | 000,618,340 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.03.23 03:59:43 | 000,133,501 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.03.17 12:27:00 | 000,000,985 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk
[2010.03.17 12:27:00 | 000,000,965 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.03.10 15:16:21 | 000,000,747 | ---- | C] () -- C:\Users\***\Desktop\EndNote.lnk
[2009.12.19 20:39:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.04 13:57:02 | 001,228,800 | ---- | C] () -- C:\Windows\iscflash.dll
[2009.12.04 13:57:02 | 000,038,784 | ---- | C] () -- C:\Windows\PhlashNT.sys
[2009.12.04 13:57:02 | 000,002,077 | ---- | C] () -- C:\Windows\platform.ini
[2009.12.04 13:57:02 | 000,000,270 | ---- | C] () -- C:\Windows\PHLASH.INI
[2009.12.04 13:57:02 | 000,000,017 | ---- | C] () -- C:\Windows\CONFIG.INI
[2009.09.08 15:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.04.28 00:17:24 | 003,086,336 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2009.04.28 00:17:24 | 003,086,336 | ---- | C] () -- C:\Windows\System32\flvvideo.dll
[2009.04.28 00:17:24 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.09.14 14:23:51 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008.09.14 14:23:51 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008.09.14 14:23:37 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008.09.14 14:23:36 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2008.09.14 14:23:18 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.09.14 14:01:26 | 000,000,275 | ---- | C] () -- C:\Windows\Brownie.ini
[2008.09.11 17:15:36 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2008.08.26 23:47:20 | 000,041,243 | ---- | C] () -- C:\Windows\System32\isdncoin.dll
[2008.08.26 23:47:20 | 000,008,976 | ---- | C] () -- C:\Windows\System32\capi20.dll
[2008.04.28 19:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008.01.15 14:52:23 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007.11.11 17:20:13 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2007.08.15 18:11:27 | 000,014,240 | ---- | C] () -- C:\Windows\System32\usbbc.sys
[2007.08.15 18:08:21 | 000,000,063 | ---- | C] () -- C:\Windows\USBBC.ini
[2007.05.18 14:21:44 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007.05.18 14:19:58 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.05.14 16:02:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.03.16 09:16:12 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.03.16 09:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.03.16 09:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.12.20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.20 12:03:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.04.19 11:14:48 | 000,732,416 | ---- | C] () -- C:\Windows\System32\drivers\BIPAC_u.sys
[2003.01.13 18:41:58 | 000,026,435 | ---- | C] () -- C:\Windows\System32\drivers\wdmwanmp.sys
[2002.12.14 23:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\oggDS.dll
[2002.12.14 23:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.12.14 23:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.12.14 22:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.11.15 14:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
========== LOP Check ==========
[2009.12.12 14:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.anki
[2009.09.29 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2009.04.24 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Any DVD Converter Professional
[2009.04.28 00:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence
[2010.04.20 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.04.23 23:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.03.10 22:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2008.02.29 00:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2007.09.22 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2007.07.29 03:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2010.04.12 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin
[2007.10.28 00:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LimeWire
[2010.04.12 19:09:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2009.12.27 01:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2009.02.22 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\sueddeutsche.de Bildschirmschoner
[2010.02.18 17:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.09.26 19:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2007.07.28 11:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2007.10.25 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.09.08 19:48:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.04.12 19:07:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2010.04.23 15:11:48 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.04.24 15:30:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18908008-8A08-4050-9C1B-B271C41F12BB}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.15 04:08:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.15 04:08:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.15 04:08:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\SATA\iastor.sys
[2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\VAIO\Drivers\SATA\iastor.sys
[2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007.02.28 05:26:30 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008.05.08 23:59:33 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
[2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007.05.14 22:07:15 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.05.14 22:07:13 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.05.14 22:07:15 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.05.14 22:07:24 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.05.14 22:07:26 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E60CC89E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FB1B13D8
< End of report >
|
|
28.04.2010, 20:08
| #9 | |
| | Trojaner in System32Zitat:
|
|
28.04.2010, 20:40
| #10 |
| | Trojaner in System32 Das ist ein Schlüssel, den ich mir mal runtergeladen habe, aber die Datei lässt sich nicht öffnen. Steckt dahinter der Virus...? |
|
28.04.2010, 23:09
| #11 |
| | Trojaner in System32 Ah ja... Cracks, Keygens und so weiter sind illegal und werden hier nicht bereinigt. Weiter gehts mit: http://www.trojaner-board.de/51262-a...sicherung.html Du solltest in der Zukunft von der Benutzung solcher Sachen absehen - die sind nicht nur illegal, sondern auch in den meisten Fällen verseucht. Ich bin weg. |
|
28.04.2010, 23:45
| #12 |
| | Trojaner in System32 Vielen Dank noch mal für die Hilfe! Ich bezweifle allerdings, dass der Virus (bzw. es waren ja mehrere) daher kam, da ich diese Datei überhaupt nicht verwendet hatte. Na ja, Hauptsache der Virus ist jetzt verschwunden... |
|
| Themen zu Trojaner in System32 |
| 1.tmp, 32 bit, 8.tmp, antivirus, avast!, backdoor.bifrose, bho, browser, converter, desktop, diagnostics, dropbox, eraser, firefox, google, hdaudio.sys, hijack.system.hidden, hijackthis, home, home premium, infizierte dateien, installation, internet explorer, intrusion prevention, ip-adresse, laufzeit, logfile, malwarebytes' anti-malware, mozilla, mssql, netgear, nvlddmkm.sys, plug-in, programdata, proxy, registry, searchscopes, security, senden, shell32.dll, software, staropen, start menu, symantec, system, system32, trojan.downloader, trojaner, usb, usb 2.0, usbvideo.sys, virus, vista 32, vista 32 bit, windows, worm.conficker |
Linear-Darstellung
