Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.05.2010, 06:47   #1
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hi Leute,

bitte ich brauche Hilfe ich drehe bald noch durch von diesem Virus Rootkit Win32.TDSS.d.
Ich habe schon viel probiert, mein Kaspaerov hat den Virus gefunden kann ihn aber nicht neutralisieren. Was soll ich machen,

tdskiller > wirkungslos
kasperaov > wirkungslos
Avira AntiVir Rescue System CD > wirkungslos
Hijackthis online analyse > wirkungslos
AD WARE Tool > wirkungslos

Bitte helft mir, ich habe keine Ahnung was ich machen soll.

Alt 11.05.2010, 10:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 11.05.2010, 12:17   #3
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hey, hier mein Logfile mit Malwarebytes

-------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4089

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.05.2010 21:08:07
mbam-log-2010-05-11 (21-08-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299838
Laufzeit: 1 Stunde(n), 28 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
--------------------------------------------------------------------------
Hier das Logfile von OTL

OTL logfile created on: 11.05.2010 21:12:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\ionloner\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,24 Gb Total Space | 84,54 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,58% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IONLONER-PC
Current User Name: ionloner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\ionloner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Google Earth\client\googleearth.exe (Google)
PRC - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Programme\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe (ArcSoft, Inc.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\ionloner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ASKUpgrade) -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Programme\AskBarDis\bar\bin\AskService.exe ()
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (klmdb) -- C:\Windows\System32\drivers\klmdb.sys (Kaspersky Lab, SLA)
DRV - (iaStor) -- C:\Windows\system32\drivers\tsk1B4F.tmp (Intel Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.64.21:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..network.proxy.ftp: "172.16.64.21"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.64.21"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.64.21"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.64.21"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.64.21"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.05 19:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.05 19:00:15 | 000,000,000 | ---D | M]

[2010.05.05 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\ionloner\AppData\Roaming\mozilla\Extensions
[2010.02.11 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\ionloner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.05.11 00:34:18 | 000,000,000 | ---D | M] -- C:\Users\ionloner\AppData\Roaming\mozilla\Firefox\Profiles\jkaytggo.default\extensions
[2010.05.05 19:08:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ionloner\AppData\Roaming\mozilla\Firefox\Profiles\jkaytggo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.07 13:08:32 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\ionloner\AppData\Roaming\mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.08 16:12:03 | 000,000,873 | ---- | M] () -- C:\Users\ionloner\AppData\Roaming\Mozilla\FireFox\Profiles\jkaytggo.default\searchplugins\conduit.xml
[2010.05.10 13:46:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.10 13:46:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2007.03.02 23:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2007.01.17 21:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.08 00:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 23:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010.04.02 02:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.02 02:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.02 02:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.02 02:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.02 02:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [StartServicePHABWLA] C:\Users\ionloner\AppData\Local\PHABWLA\StartService.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\ionloner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.11 01:20:02 | 000,014,639 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{29717797-ce57-11de-8e85-001dbaf14fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{29717797-ce57-11de-8e85-001dbaf14fbe}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{df3073b6-ff37-11de-81e1-001dbaf14fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{df3073b6-ff37-11de-81e1-001dbaf14fbe}\Shell\AutoRun\command - "" = H:\MI.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.11 15:53:05 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010.05.11 14:55:19 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.05.10 13:45:37 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.05.10 13:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.05.10 13:45:09 | 000,280,592 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.10 13:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.05.07 13:08:00 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.05.07 13:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.05.07 09:09:30 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.07 09:09:30 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.05.01 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\Malwarebytes
[2010.05.01 17:03:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.01 17:03:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.01 17:03:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.01 17:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.01 17:02:42 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.24 08:16:33 | 000,000,000 | ---D | C] -- C:\Users\ionloner\Documents\NeroVision
[2010.04.22 17:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.04.22 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Local\Nero_AG
[2010.04.20 12:40:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.18 19:29:35 | 000,000,000 | ---D | C] -- C:\Programme\IndieVolume
[2010.04.18 13:53:04 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2010.04.18 13:52:59 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\SparweltGutschein
[2010.04.17 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Local\PHABWLA
[2010.04.17 20:57:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.04.16 13:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.16 10:15:09 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\Nero
[2010.04.16 09:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2010.04.16 09:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.04.16 09:51:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2010.04.15 21:30:12 | 000,000,000 | ---D | C] -- C:\Programme\TuneUpMedia
[2010.04.15 21:30:10 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\TuneUpMedia
[2010.04.15 21:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010.04.15 21:24:59 | 000,000,000 | ---D | C] -- C:\Programme\Vuze_Remote
[2010.04.15 11:23:21 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 11:23:21 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 11:23:20 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2 C:\Users\ionloner\AppData\Roaming\*.tmp files -> C:\Users\ionloner\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.11 21:14:28 | 003,932,160 | -HS- | M] () -- C:\Users\ionloner\ntuser.dat
[2010.05.11 20:49:29 | 000,101,305 | ---- | M] () -- C:\Users\ionloner\Desktop\Image085.jpg
[2010.05.11 20:48:39 | 000,063,170 | ---- | M] () -- C:\Users\ionloner\Desktop\yukata.jpg
[2010.05.11 20:19:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.11 16:04:31 | 000,011,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.11 16:04:31 | 000,011,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.11 15:56:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.11 15:55:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.11 15:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.11 15:55:43 | 2389,995,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.11 15:53:46 | 006,291,456 | -H-- | M] () -- C:\Users\ionloner\AppData\Local\IconCache.db
[2010.05.11 15:53:05 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010.05.11 15:40:24 | 000,028,520 | ---- | M] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.05.11 15:02:48 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.11 15:02:48 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.11 15:02:48 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.11 15:02:48 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.11 15:02:48 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.11 15:01:08 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010.05.11 15:01:06 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010.05.11 15:01:05 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2010.05.11 13:43:02 | 000,455,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.11 00:47:01 | 000,312,344 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010.05.11 00:20:02 | 388,705,029 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.10 15:59:34 | 000,011,678 | ---- | M] () -- C:\Users\ionloner\Desktop\Dear Madam.docx
[2010.05.10 14:09:20 | 000,280,592 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.10 14:09:20 | 000,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2010.05.10 14:09:18 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.10 14:09:18 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.05.10 13:47:24 | 000,604,140 | -HS- | M] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010.05.09 11:45:24 | 000,002,039 | ---- | M] () -- C:\Users\ionloner\Desktop\HijackThis.lnk
[2010.05.05 19:00:19 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.03 00:54:51 | 000,000,233 | ---- | M] () -- C:\Windows\WININIT.INI
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.19 13:20:43 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.17 10:44:34 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.04.15 21:25:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2 C:\Users\ionloner\AppData\Roaming\*.tmp files -> C:\Users\ionloner\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.11 20:49:15 | 000,101,305 | ---- | C] () -- C:\Users\ionloner\Desktop\Image085.jpg
[2010.05.11 20:48:26 | 000,063,170 | ---- | C] () -- C:\Users\ionloner\Desktop\yukata.jpg
[2010.05.11 14:53:24 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2010.05.11 14:53:24 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010.05.11 14:53:24 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010.05.10 15:59:33 | 000,011,678 | ---- | C] () -- C:\Users\ionloner\Desktop\Dear Madam.docx
[2010.05.10 13:47:24 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010.05.10 13:46:31 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.10 13:46:31 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.05.05 19:00:19 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.02 14:01:55 | 000,002,039 | ---- | C] () -- C:\Users\ionloner\Desktop\HijackThis.lnk
[2010.04.30 02:01:24 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.04.19 13:20:43 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.17 20:56:59 | 388,705,029 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.17 10:44:34 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.02.06 22:05:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010.01.16 08:20:23 | 000,028,520 | ---- | C] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2009.11.11 09:28:39 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.10 23:56:53 | 000,000,233 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 10:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.24 22:54:47 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.03.24 03:53:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2009.03.24 03:52:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
< End of report >

und der zweite log von olt

OTL Extras logfile created on: 11.05.2010 21:12:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\ionloner\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,24 Gb Total Space | 84,54 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,58% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IONLONER-PC
Current User Name: ionloner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{183372B8-A3C2-063B-5C9E-B5C3E09F7158}" = CCC Help Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library
"{1A364B62-F80D-4AD7-B067-0BA369719286}" = VAIO Content Metadata Manager Settings
"{1D2DF848-BA1C-6D29-8DC6-A8EBC85B2128}" = CCC Help Thai
"{1F07C5EC-A79E-9A66-7BE8-352E18A21CC9}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2176C142-DEE5-8AF0-9257-CA2E65368A52}" = CCC Help Finnish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27EA389E-B0D3-E606-A801-C397BC417B00}" = Catalyst Control Center Graphics Previews Common
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32DD0B80-68A4-2BAD-6D43-D2A6A7732AA2}" = CCC Help Hungarian
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33F55462-96AF-0D67-AAF3-5ACBDE186FF7}" = CCC Help Dutch
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{359391F9-1A4D-A988-D62D-0F33C59AFDF6}" = CCC Help English
"{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components
"{36FBD8D7-CEFC-2BFD-9E50-CDEA040D5F47}" = CCC Help Swedish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C7C4990-D713-E889-63E7-214D35B55B18}" = Catalyst Control Center Graphics Previews Vista
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{4C5FC19D-AE05-3F78-4336-90116C43400E}" = CCC Help French
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E64FCCA-AE91-609C-6646-3BA7B2542C17}" = CCC Help Russian
"{4F29AF49-2F30-4E33-416B-E373ACE30B03}" = Catalyst Control Center Core Implementation
"{51CBB909-7A5D-1B81-2F79-219231F0C7A6}" = Catalyst Control Center InstallProxy
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5CCB5E3A-8FA6-E1B8-082E-507493C836CD}" = Catalyst Control Center Localization All
"{5D9F5605-4B95-A700-B10E-FC5DBE052D18}" = CCC Help Italian
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{627C5AC0-772C-4661-B696-42E04AEB1872}" = lingDIALOG
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{653C3AFC-E8BB-E745-DEE8-A9EA8ED5D432}" = CCC Help Greek
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6CCAF3C8-8B77-3601-6E9C-E85E9444B0E6}" = CCC Help Chinese Traditional
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C8744A5-DED2-028E-C0B7-42AAA764E806}" = CCC Help Korean
"{7CF4115F-8947-2E35-718E-9AE7907FDD34}" = Catalyst Control Center Graphics Full New
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B1CF7D7-9D45-6FB7-8B8A-72E804B74ACD}" = CCC Help Danish
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96AE9B73-23A5-3781-07EE-D873CDF1935A}" = CCC Help Polish
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{97F52122-E41C-C805-3981-E8686E073978}" = CCC Help Chinese Standard
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99804FF5-11AC-4FC9-B66B-72E9A6B386BC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A82C622C-22E2-409E-7113-EB749DEBC9F7}" = CCC Help Portuguese
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA66EAEF-E6F9-BB8A-1463-72BE38F70856}" = CCC Help Japanese
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AEF0D6B2-1087-3D96-624F-B83A5EBD175D}" = Catalyst Control Center Graphics Full Existing
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{d0cf1a75-38d3-4d7b-a0d6-7d81bea65c0c}" = Nero 9 Trial
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2004393-13BB-E18E-B1BF-19D758AFCD8D}" = CCC Help Spanish
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D6FBA785-DF2D-48C5-B238-40ABBD8EB780}" = Langenscheidt Vokabeltrainer 4.0 Englisch
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD21CAA4-C666-656A-0717-064BFCB850A9}" = ccc-utility
"{DDAF9A24-31F2-998B-79F3-F02580284D50}" = CCC Help Turkish
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9DC3DE6-B510-FF40-F696-CFA52F9916FE}" = CCC Help German
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F29F2FAC-3F7E-4302-689C-C6579A19B3FC}" = CCC Help Czech
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F50D41C8-AC24-3FCD-D3AB-10C2D7CBDFB8}" = Catalyst Control Center Graphics Light
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Ask Toolbar_is1" = Vuze Toolbar
"BearShare" = BearShare
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" =
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Grammatiktrainer 4.0 Englisch" = Langenscheidt Grammatiktrainer 4.0 Englisch
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"Red Alert" = Red Alert Windows 95
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp Companion 1.6.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




Ich hoffe du kannst mir helfen, das nervt gewaltig beim surfen und der PC is so langsam.....

__________________

Alt 11.05.2010, 12:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Poste bitte noch das Kaspersky Logfile mit den Funden.
Schön wären auch Logs mit GMER und OSAM wenn da tatsächlich ein Rootkit werkelt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.05.2010, 13:50   #5
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hi danke für die Hilfe. Leider habe ich Kasperov gelöscht und mir G-Data besorgt, da es ständig abgestürzt ist. So nun die zwei geforderten Logs. Zuerst der GMER gefolgt von OSAM Log

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-11 22:35:25
Windows 6.1.7600
Running: f7y08ijk.exe; Driver: C:\Users\ionloner\AppData\Local\Temp\uxriikod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832243F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8320C634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8320C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832241DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832246F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832251A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83284599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832A8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spzm.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E2B000, 0x2D556C, 0xE8000020]
.text USBPORT.SYS!DllUnload 92438CA0 5 Bytes JMP 873BD1D8
.text peauth.sys 9F612C9D 28 Bytes [84, 92, 1D, 24, 43, 84, AD, ...]
.text peauth.sys 9F612CC1 28 Bytes [84, 92, 1D, 24, 43, 84, AD, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857451F8
Device \FileSystem\fastfat \FatCdrom 857911F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433766ab6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x20 0x48 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433766ab6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x20 0x48 0x07 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@malamdockeagcpkpdknkkgeiee 0x64 0x61 0x64 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@lalamdockeagcpkpnjpkbpji 0x64 0x62 0x64 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@labbnmpmfjppknainpggkjgo 0x64 0x62 0x65 0x65 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----








Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:46:15 on 11.05.2010
OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" C:\Windows\system32\lsdelete.exe File found, but it contains no detailed information
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "PhysX.cpl" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists
|||||| "Nero BurnRights 10" "Nero AG" C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ElbyCDIO Driver" (ElbyCDIO) "Elaborate Bytes AG" C:\Windows\System32\Drivers\ElbyCDIO.sys File exists
"G DATA WFP CD" (gdwfpcd) "G DATA Software AG" C:\Windows\System32\drivers\gdwfpcd32.sys File exists
"GDBehave" (GDBehave) "G Data Software AG" C:\Windows\System32\drivers\GDBehave.sys File exists
"GDMnIcpt" (GDMnIcpt) "G Data Software AG" C:\Windows\system32\drivers\MiniIcpt.sys File exists
"HookCentre" (HookCentre) "G Data Software AG" C:\Windows\system32\drivers\HookCentre.sys File exists
"PxHelp20" (PxHelp20) "Sonic Solutions" C:\Windows\System32\Drivers\PxHelp20.sys File exists
|||||| "regi" (regi) "InterVideo" C:\Windows\System32\drivers\regi.sys File exists
|||||| "Sony DMI Call service" (DMICall) "Sony Corporation" C:\Windows\System32\DRIVERS\DMICall.sys File exists
|||||| "Sony HDD Protection Filter Driver" (shpf) "Sony Corporation" C:\Windows\System32\DRIVERS\shpf.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
"uxriikod" (uxriikod) C:\Users\ionloner\AppData\Local\Temp\uxriikod.sys Hidden registry entry, rootkit activity | File not found
|||||| "VClone" (VClone) "Elaborate Bytes AG" C:\Windows\System32\DRIVERS\VClone.sys File exists
|||||| "WimFltr" (WimFltr) "Microsoft Corporation" C:\Windows\System32\DRIVERS\wimfltr.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" "ACE GmbH" C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll File exists
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
|||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll File exists
|||||| {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" "Nero AG" C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" File not found | COM-object registry key not found
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
|||||| {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" "Elaborate Bytes AG" C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
|| "Vuze Remote Toolbar" "Conduit Ltd." C:\Program Files\Vuze_Remote\tbVuze.dll File exists
|| "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
|| {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" "Conduit Ltd." C:\Program Files\Vuze_Remote\tbVuze.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_11.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| "@btrez.dll,-4015" C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File exists
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
|||| "ICQ6" "ICQ, LLC." C:\Program Files\ICQ6.5\ICQ.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"Ask Toolbar" C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" "G Data Software AG" C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll File exists
|||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" "G Data Software AG" C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
|| {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" "Conduit Ltd." C:\Program Files\Vuze_Remote\tbVuze.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
|| {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\ionloner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "LimeWire On Startup.lnk" "Lime Wire, LLC" C:\Program Files\LimeWire\LimeWire.exe Shortcut exists | File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "Adobe Gamma Loader.lnk" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Shortcut exists | File exists
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"DAEMON Tools Lite" "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File not found
|||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists
"NSUFloatingUI" "Sony Corporation" "C:\Program Files\Sony\Network Utility\LANUtil.exe" File exists
|||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists
"StartServicePHABWLA" C:\Users\ionloner\AppData\Local\PHABWLA\StartService.exe File not found
|||| "swg" "Google Inc." "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"G Data AntiVirus Tray Application" "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File exists
|||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists
|||| "ISBMgr.exe" "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" File exists
|||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|| "MarketingTools" "Sony Corporation" C:\Program Files\Sony\Marketing Tools\MarketingTools.exe File exists
|||| "NBAgent" "Nero AG" "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart File exists
|| "PDFPrint" "Geek Software GmbH" C:\Program Files\pdf24\pdf24.exe File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists
|||| "VirtualCloneDrive" "Elaborate Bytes AG" "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s File exists
"VMSwitch" "Sony Corporation" "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) "Nero AG" C:\Program Files\Nero\Update\NASvc.exe File exists
|||||| "Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) "Adobe Systems Incorporated" C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe File exists
|||||| "Adobe LM Service" (Adobe LM Service) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ArcSoft Connect Daemon" (ACDaemon) "ArcSoft Inc." C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File exists
"VAIO Power Management" (VAIO Power Management) "Sony Corporation" C:\Program Files\Sony\VAIO Power Management\SPMService.exe File exists
|||||| "Bluetooth Service" (btwdins) "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe File exists
|||||| "CamMonitor" (uCamMonitor) "ArcSoft, Inc." C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe File exists
|||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
"G Data AntiVirus Proxy" (AVKProxy) "G Data Software AG" C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe File exists
"G Data Dateisystem Wächter" (AVKWCtl) "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe File exists
"G Data Scanner" (GDScan) "G Data Software AG" C:\Program Files\Common Files\G Data\GDScan\GDScan.exe File exists
"G Data Scheduler" (AVKService) "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "ICQ Service" (ICQ Service) C:\Program Files\ICQ6Toolbar\ICQ Service.exe File exists
|||||| "IviRegMgr" (IviRegMgr) "InterVideo" C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe File exists
|||||| "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists
|||||| "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) "Nero AG" C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File exists
"NSUService" (NSUService) "Sony Corporation" C:\Program Files\sony\Network Utility\NSUService.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "VAIO Content Folder Watcher" (VCFw) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe File exists
|||||| "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) "Sony Corporation" C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe File exists
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe File exists
|||||| "VAIO Entertainment Database Service" (VzCdbSvc) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe File exists
|||||| "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe File exists
|||||| "VAIO Entertainment UPnP Client Adapter" (Vcsw) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe File exists
|||||| "VAIO Event Service" (VAIO Event Service) "Sony Corporation" C:\Program Files\sony\VAIO Event Service\VESMgr.exe File exists
"VAIO Media plus Content Importer" (SOHCImp) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe File exists
"VAIO Media plus Database Manager" (SOHDBSvr) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe File exists
"VAIO Media plus Device Searcher" (SOHDs) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe File exists
"VAIO Media plus Digital Media Server" (SOHDms) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe File exists
"VAIO Media plus Playlist Manager" (SOHPlMgr) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe File exists
Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "VESWinlogon" "Sony Corporation" C:\Windows\system32\VESWinlogon.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Alt 11.05.2010, 14:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Da wurde vermutlich am MBR geschruabt, lass mal bitte CF durchlaufen, das Tool nimmt uns viel Arbeit ab:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d

Alt 12.05.2010, 01:21   #7
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hey hier ist der Scan mit Comfix, have vorher alles mit dem CCleaner bereinigt!


ComboFix 10-05-10.05 - ionloner 12.05.2010 9:47.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3039.1839 [GMT 10:00]
ausgeführt von:: c:\users\ionloner\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ionloner\AppData\Local\Temp\jna885315247853848092.tmp

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 ))))))))))))))))))))))))))))))
.

2010-05-12 00:05 . 2010-05-12 00:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-12 00:05 . 2010-05-12 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-11 16:19 . 2010-05-11 16:19 -------- d-----w- c:\program files\CCleaner
2010-05-11 12:53 . 2010-05-11 12:53 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-05-11 11:57 . 2010-05-11 11:57 38856 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-05-11 11:57 . 2010-05-11 11:57 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-05-11 11:57 . 2010-05-11 11:57 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-05-11 11:57 . 2010-05-11 11:57 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2010-05-11 11:56 . 2010-05-11 12:19 -------- d-----w- c:\programdata\G DATA
2010-05-11 11:56 . 2010-05-11 11:56 -------- d-----w- c:\program files\Common Files\G Data
2010-05-11 11:56 . 2010-05-11 11:56 -------- d-----w- c:\program files\G Data
2010-05-11 11:55 . 2010-05-11 11:55 -------- d-----w- c:\users\ionloner\AppData\Local\Downloaded Installations
2010-05-11 05:53 . 2010-05-11 05:53 36488 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-05-11 04:53 . 2010-05-11 05:01 574 ----a-w- C:\cleanup.bat
2010-05-10 03:45 . 2010-05-11 11:47 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-07 03:08 . 2010-05-07 03:08 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-07 03:08 . 2010-05-07 03:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-06 23:09 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-06 23:09 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-01 07:04 . 2010-05-01 07:04 -------- d-----w- c:\users\ionloner\AppData\Roaming\Malwarebytes
2010-05-01 07:03 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 07:03 . 2010-05-11 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 07:03 . 2010-05-01 07:03 -------- d-----w- c:\programdata\Malwarebytes
2010-05-01 07:03 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 07:02 . 2010-05-01 07:02 -------- d-----w- c:\program files\Trend Micro
2010-04-29 16:01 . 2010-01-28 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-22 07:34 . 2010-04-22 07:34 -------- d-----w- c:\programdata\FLEXnet
2010-04-21 14:14 . 2010-04-21 14:14 -------- d-----w- c:\users\ionloner\AppData\Local\Nero_AG
2010-04-20 02:40 . 2010-04-20 02:40 -------- d-----w- c:\program files\Common Files\Skype
2010-04-18 09:29 . 2010-04-20 02:44 -------- d-----w- c:\program files\IndieVolume
2010-04-18 03:53 . 2010-04-18 03:53 -------- d-----w- c:\program files\Winload
2010-04-18 03:52 . 2010-04-18 03:52 -------- d-----w- c:\users\ionloner\AppData\Roaming\SparweltGutschein
2010-04-17 11:15 . 2010-04-18 23:12 -------- d-----w- c:\users\ionloner\AppData\Local\PHABWLA
2010-04-16 03:13 . 2010-04-16 03:14 -------- d-----w- c:\programdata\DivX
2010-04-16 00:15 . 2010-04-21 14:05 -------- d-----w- c:\users\ionloner\AppData\Roaming\Nero
2010-04-15 23:52 . 2010-04-21 14:01 -------- d-----w- c:\program files\Nero
2010-04-15 23:51 . 2010-04-21 14:01 -------- d-----w- c:\programdata\Nero
2010-04-15 23:51 . 2010-04-21 13:53 -------- d-----w- c:\program files\Common Files\Nero
2010-04-15 11:30 . 2010-04-15 11:30 -------- d-----w- c:\program files\TuneUpMedia
2010-04-15 11:30 . 2010-05-07 03:03 -------- d-----w- c:\users\ionloner\AppData\Roaming\TuneUpMedia
2010-04-15 11:30 . 2010-04-15 11:30 -------- d-----w- c:\programdata\TuneUpMedia
2010-04-15 11:24 . 2010-04-15 11:25 -------- d-----w- c:\program files\Vuze_Remote
2010-04-15 01:23 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:23 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:23 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:23 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:23 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:23 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:02 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 06:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 00:11 . 2010-02-10 13:59 -------- d-----w- c:\users\ionloner\AppData\Roaming\LimeWire
2010-05-11 23:34 . 2009-10-22 16:20 -------- d-----w- c:\users\ionloner\AppData\Roaming\Skype
2010-05-11 15:14 . 2010-03-04 08:32 -------- d-----w- c:\users\ionloner\AppData\Roaming\vlc
2010-05-11 14:03 . 2009-10-22 16:22 -------- d-----w- c:\users\ionloner\AppData\Roaming\skypePM
2010-05-11 05:53 . 2010-05-11 05:53 312344 ----a-w- c:\windows\system32\drivers\tsk1B4F.tmp
2010-05-11 05:02 . 2009-08-18 03:52 643866 ----a-w- c:\windows\system32\perfh007.dat
2010-05-11 05:02 . 2009-08-18 03:52 126394 ----a-w- c:\windows\system32\perfc007.dat
2010-05-10 14:47 . 2009-03-23 17:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-05-10 10:46 . 2010-01-31 01:32 -------- d-----w- c:\users\ionloner\AppData\Roaming\dvdcss
2010-05-10 02:18 . 2009-10-23 14:05 -------- d-----w- c:\users\ionloner\AppData\Roaming\.pknowledge
2010-05-07 03:08 . 2010-05-07 03:08 52224 ----a-w- c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-05-07 03:08 . 2010-05-07 03:08 101376 ----a-w- c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-05-06 00:36 . 2010-01-15 22:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 14:49 . 2009-04-24 12:39 -------- d-----w- c:\programdata\Symantec
2010-05-02 14:46 . 2010-02-02 01:03 -------- d-----w- c:\program files\iTunes
2010-05-02 14:46 . 2010-02-02 01:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 14:44 . 2010-03-04 08:19 -------- d-----w- c:\program files\Graboid
2010-05-02 14:42 . 2009-11-08 20:52 -------- d-----w- c:\program files\TechSmith
2010-04-30 15:54 . 2009-04-24 12:25 -------- d-----w- c:\program files\Google
2010-04-29 14:16 . 2010-02-06 03:01 -------- d-----w- c:\program files\Common Files\fluxDVD
2010-04-29 14:15 . 2009-12-27 02:28 -------- d-----w- c:\programdata\Norton
2010-04-27 12:10 . 2009-10-22 12:34 -------- d-----w- c:\users\ionloner\AppData\Roaming\ICQ
2010-04-21 14:13 . 2009-11-10 19:53 -------- d-----w- c:\users\ionloner\AppData\Roaming\Azureus
2010-04-21 08:00 . 2010-01-27 07:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-18 15:05 . 2010-04-18 15:05 0 ----a-w- c:\users\ionloner\AppData\Roaming\nigA788.tmp
2010-04-18 14:48 . 2010-04-18 14:48 0 ----a-w- c:\users\ionloner\AppData\Roaming\nig583F.tmp
2010-04-18 03:52 . 2010-04-18 03:52 5550 ----a-r- c:\users\ionloner\AppData\Roaming\Microsoft\Installer\{5943B7F7-678B-477E-9AEE-6E4C6962322B}\_6FEFF9B68218417F98F549.exe
2010-04-17 00:45 . 2009-04-24 12:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 11:42 . 2009-11-10 19:54 178 ----a-w- c:\users\ionloner\AppData\Roaming\Azureus\restart.bat
2010-04-15 11:25 . 2009-11-10 19:53 -------- d-----w- c:\program files\Vuze
2010-04-13 13:05 . 2010-04-13 13:05 10686001 ----a-w- c:\users\ionloner\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2010-04-06 21:17 . 2009-03-23 10:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 21:16 . 2009-10-23 16:47 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-23 07:56 . 2010-04-01 22:38 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 05:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 05:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 01:06 2355224 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-05 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-08-24 538472]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-21 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-21 7596576]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-04-24 26112]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-21 207504]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-03-31 963144]

c:\users\ionloner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-17 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-6 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-08-04 07:58 98304 ------w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 135664]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-09 29736]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-06-17 83240]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R4 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys [2010-05-11 36488]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-05-11 33480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-08-26 23712]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-10 691696]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-05-11 61512]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-05-11 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-05-11 29992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-26 176128]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-04-07 1146440]
S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-03-15 1279816]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-06-11 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2009-08-21 133664]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-06 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-04-22 339016]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-05-11 38856]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-08 4231680]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mferkdk
*Deregistered* - mfesmfk
*Deregistered* - MPFP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Inhalt des "geplante Tasks" Ordners

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 11:04]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 11:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyServer = 172.16.64.21:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
FF - ProfilePath - c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStor]
"ImagePath"="system32\drivers\tsk1B4F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-309949491-1789916084-3723748198-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}*]
"malamdockeagcpkpdknkkgeiee"=hex:64,61,64,65,65,70,65,6c,00,61
"lalamdockeagcpkpnjpkbpji"=hex:64,62,64,65,66,70,64,6d,6f,61,6e,66,61,69,6f,6a,
6b,64,6a,6d,67,6a,69,67,6c,66,63,6e,6a,69,70,66,65,6d,63,70,66,64,64,6b,00,\
"labbnmpmfjppknainpggkjgo"=hex:64,62,65,65,66,6f,68,67,68,6b,6c,67,6f,6a,69,6d,
6a,64,65,65,64,65,6f,64,68,65,65,70,66,6c,6a,6c,6a,6a,6f,61,68,63,62,62,00,\

[HKEY_USERS\S-1-5-21-309949491-1789916084-3723748198-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,65,06,cd,ff,3a,14,28,eb,b3,7b,46,44,a4,d9,71,65,b8,aa,0f,74,
84,7a,ac,c6,3e,4e,43,26,26,a7,cb,74,2a,28,b0,90,90,6a,73,6d,28,42,b7,d4,d3,\
"rkeysecu"=hex:a2,cf,6b,9e,a0,ba,34,e0,41,e2,e8,8c,29,a1,7e,87

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(6984)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-12 10:18:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-12 00:18
ComboFix2.txt 2010-05-11 23:24

Vor Suchlauf: 20 Verzeichnis(se), 111.776.587.776 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 111.717.056.512 Bytes frei

- - End Of File - - D9B2C7F6E23711C8159244319D569F63

Alt 12.05.2010, 04:35   #8
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Hi, ich habe jetzt nochmal nen Virenscan mit D-Data durchlaufen lassen. Das logfile findest du folgend. Da sind zwei weitere Viren gefunden worden...

Virenprüfung mit G Data AntiVirus
Version 21.0.2.1 (22.04.2010)
Virensignaturen vom
Startzeit: 12.05.2010 12:51:26
Engine(s): Engine A, Engine B
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 12.05.2010 13:10:58
156336 Dateien überprüft
2 infizierte Dateien gefunden
0 verdächtige Dateien gefunden


– Archiv: Nero v9.4.26.0 Reloaded.rar
Pfad: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
Objekt: Nero v9.4.26.0 Reloaded.exe\winsys.exe
In Archiv: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded.rar
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)

– Archiv: Nero v9.4.26.0 Reloaded.exe
Pfad: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
Objekt: winsys.exe
In Archiv: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded\Nero v9.4.26.0 Reloaded.exe
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)

– Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\bthservsdp.dat
C:\System Volume Information\{0a20337d-42ee-11df-957f-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{256b3a67-5d5a-11df-9a0e-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{261dc963-3874-11df-8d76-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{26afadad-4792-11df-b051-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{26afade6-4792-11df-b051-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{26afae2d-4792-11df-b051-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{3624fcb7-589c-11df-ad67-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{38e266c3-46cf-11df-a177-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{38e268f7-46cf-11df-a177-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{62680068-5cb9-11df-abae-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{726d6459-4e4d-11df-9536-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{973ce566-40e9-11df-b2f0-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{99f96382-49b8-11df-bb96-002433766ab6}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{b6ca0e5f-4156-11df-b90e-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{baab9023-5963-11df-bad7-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{c825ae33-5cf4-11df-aa6e-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{cdb10dc2-5cc1-11df-bd1c-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{d831a3d4-3ef7-11df-93cf-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{e6e721dd-55e3-11df-9850-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{e6e721e1-55e3-11df-9850-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{eb3e9800-5966-11df-b57a-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\System Volume Information\{fcaec9d0-3ddd-11df-aa38-001dbaf14fbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02e79b21e3b4fa57bfd053c8bac88a50_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\030ecfe055c3755c17440e2c289f0742_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0345db3f5cc62d5395112d8251e9e503_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03fefbd82ff7bceddaaf669551bbdc97_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05580fb288fa6ef2479f608798c04f6d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05a2b432772600aa5d3e9f5f5ce304dd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\061bb72256d0f727e3ef1b22c57850b4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\074ac26539bc5ef6b2ba682ef44998d9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07a890e6fa46adf8866a83ab265be7da_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07b1c5f55e04e23a8089e7a1159c4334_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07b2a6e42683d165e6bda5b78952df66_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0888519d947c54ba7fce16a83ccb3472_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09394c505df6c1d1e3d6604e5631331f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0baadb79f140e7671f1c99301d0b36b8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09db22bd55f6979d0af25e4376abc62e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0dd1f107a2674f443d77999e98348ad8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0dd365257c636acd183bce85e7fd20af_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0e03c703a3f1d54b80dc4d2387038348_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0f6154589cf077e0f0aa586bbddfd83d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\10aa583c09a6833ff887c6f0ef4f9228_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1245dffb27bdef38a9937c295b2276fe_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12e95e7de0faf9078b8438bbdfe93984_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12c9d9a5be67852be1a2a5ba388531db_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\148359fba601204ec709e9bee821de44_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\175775e46d1a402e0d449de41d1cd1f7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\17f164eb5124efab42a8fc56694633bf_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\18eb025e06d30d708bf6a8d008bda56c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\190b8b57b8b988bd411e86403dcb6c05_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a19c26baa3bd07e738094da4f6b1b39_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a091ed8380613c5c3d468bb79e6d9a1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a77f9957b8bb44fbed59174c3af4b74_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b6e6aeaa0040f5ed8d5da136aa48fc1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1aa6aa4ec9ef1f7f9ecb948e31b6dcb7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b7ec8a9d42d2bf3629ab0738fbbaa78_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b8d94ed6c32317fb7a180d0e68bd4f7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1d09b4e7472d8a3b2cb8b232c9051200_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21e9940102905a0431c3e374e68fcfaa_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\204481b1a77b0c78f84a7bb13d3ebc97_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\223af610e8f0c72766db17ceff5414dd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\232a6f9df7b0c995c7a54386df6c8cdf_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2355e00100c531a7bac408edff2e22ae_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\25a040418ab342defb85f655ad534b18_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29f7d3c637b310efa288012e5ca6bd45_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2aefe305f84a78a5711efd4814dd0eb7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a5c5e1863ecc6d78898b0d8486b3cf0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d93615a8ea24cd42a62b1ac2691c3b7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2c56497a359f383e8ca1d3766becba01_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2ef0dbbd742b21a5f528357fab532cc1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\308670d25565bebf6f19995ab54e4452_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\32bcdc77a8117f8b060d37e4a527c1bd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3441a4bd58aa23af0fbef9ec6da5da7d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\349742e57f0ab2d98361338ed408e664_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\351d1d0cc3c644347be08e2a3b7deb29_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3551ffcab650ceab5506385ec68b2c2c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\35eef1fb6d9fc82b90917200846c3f12_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\35f9600185d2dd3672c280953089762c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\37a79866b3866562a11a4c6f01455542_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\36328d73441db6ebb79ea86965a654df_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3820fabad724abdf1068d33d82b7fc5e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\38cfafb942ffcef04700fd859ae76747_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\39330feaa2efd209127183e88bf81a24_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\39849f07ac53dd4669ac4c533f75df06_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3987952e89593b6ade810f4077aaf640_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3b078e1432af8a43c3928cfca4e4d4d1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3cafa187406df742eb8ab5479bfe4542_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d78fb0e3cfae341c2935e35c6a96d0b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3dd59ed566e097c268e3709d8daa07da_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3df58f1726ae4f4b4e88a785175d46bb_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3e7eafb715e00559926636986af4117c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3f3abf4a706821c864d3274cdc1431b9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\402903aade98cac9ccb605e82a8ed173_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\433cdf4c38fad8e17ed77d0e53b8ca8c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\42d536f94a0a862c006fa553011fe2b5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\44d02de2d08fa1efdf49af943183e209_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\44f5468e61cbc917fc656b6170ec70f1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\45764064b989e05a9e95c5d32251d6df_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\466e485dcded1802eac76bbea8ef67e7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\46b922c60e4f7455ec623c0b4f5007f8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\469ae4ac1e0c7f8ea2f90ab7a95e627b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\47b060a93272d9df21dcd3509494298b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\492ca2707cdec1541e703f2040f85ead_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\49c5a05d8a3f9f0b96022d01d043e31f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4d3865adb7338ed14f196aad29f81e77_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dce8e58a19e418473361503bf7ae865_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4e29d3ab8c4233cdd3d675e777867cf0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4fbc9f9fb985cf1b9fa17ec838b600c1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51026ff0ad747a342fd4de2dc5723a4a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51499014507615140577ae1841c7c9ee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5224594d6554a9ad912db6bbb464768d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52393ded82e668ca5af8a62061bd7cdd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52e4c637fc874b084ae6cfa7a0dc4371_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\532c38305df6f345a6cb28749ac80437_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\537ec112976fff32c2ba3048cdcefa89_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5467f41219d1becd982a03ff6ed137cb_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\54ee22b9ca08f77389fda4d830fcae9e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5524b25564b236b51b1ab41ff47f534c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\55db3f18cfd314da9e133f535d291f27_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\56d633765a1ed3130a7871986cac6da6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\56d9d790164a9de7e93f16c19ac83939_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5770008e71d6168272a2109ff5958fa7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5932f4d0326c673b3590a2b09183881b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57de35005660fa4b38ec5f4533978543_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5948b5bedbc2c4909105663b802c8499_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5abb294b56b4c999329415410ab35ca7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5b53c3a2043a394bd73bd68ba1b1cf5f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c1bcb2b4dddc1f8436c2c93a437ef57_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5df56965bb591fd7429951bbccf32bc6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e7a5f685a2bb2965f3dcac4c476c897_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5eeaa81f230d8d8052f37a6d68e42d2a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ee142a2726d32a0f0f305e3f67b453b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5eeee22e334afd5cfe5f97e3d5e762f1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5f7232c3938968f502719a6d8e3e5b09_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5f7b8ac4b45472282ace4403cfd3e5ca_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\620adc2c4c3e3a7360fdd7fa74f0d09b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\63a5e283d6367dd76f9ca668dbe037b2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\657dfbe12e570012a4772a5146f2f16a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\67fbf8242d3ff6f33e82bc77d5eb2603_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6af9433ed31c5b30fc5c0e063d087ae7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d6a6822053d84dca65e1ca1f1d4a009_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6e7b7a9b95cd28a694651e4a117aa2ea_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6f2bdb2fb73e65f8b0f1c19205235173_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70251eed2c94c807dfdab687b391d5c4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6f9df112c3657d7f75eb146343b1458c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70664d08d3790754c90869e65613f673_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70e07f6dc6ead3af97b83c10e61ddea4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70f8a9a2dc833c3139064d854af04f31_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7112a264bf3b4560578f63e22438beaa_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73b0228df8756c908a59c9738d97cadd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73bba28119dc7d3f413ffbd5b1dcecd2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\74afbae5192f952f97bf2e37194a2259_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\751c1c4fb7e289499ca67740e351a9a9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\75429b4bec16fd0a8d65ee1480b5e0d5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76433555994b2d76c36f56d41ef50871_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\773814cca9670a95ef18e5e7f6d909f3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79540a31443aa3ca7a2c0eab21d4953b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\790035c2435f5686c5fa4225b4f60ff5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79e8c6579b5859a29e1ccfe19a60e073_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7a83383e3c170b859e73773bd80f842a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7bb19e53d6272f2be01c8a5269889472_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7bee4e0877d06420c387fe45eeeb6352_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d8a37c1e43750b9c55210759e0ee6c5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e5600963d03c3df2dfbfeb9bee56a0f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8089ac81fd80fd56a90f4a37a0aa3a16_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\80b08af678b0a7afd12303482d82f8e8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\823c38d8e17e69b9fc4433666b8e6cc0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8317d557e8f60762a0769e533a0b2e5c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\841528944846589960783f529968b396_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\85c08b2ebfa2409174395a16b2494067_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\85d93cb1e14e6fbbbaeb952901af6138_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8619bfaa37dce489ccfad021633c3ed4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\85df7a5623af066f4f21de31613fb1b1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\864586065d2e122aa2e2fe7acc4f63f3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8670c0c5f9eacc961c10d5c23c6b693e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\897d122873fd85dee12772a730ee9f2e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\89de8b824edec0993a03c89cf4073170_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8b8c91c48b21b7f426a3b207f865c8ce_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8bc21f7c6497d793f6bc0c21b76b77e3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8bf4e9a6fba83217809e23911d67e341_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8c95711a3d37416da687111e0f8bded6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d20731599ed8500abab3e3adb535704_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d41425aee275cc829a25a01cf839a78_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d965d142d82ba0959263343afb688c3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\911d8111e9c644d1e1ce1261e065c3c5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\916eb15e67045089e460540191260432_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9211f2f71bbb295e8dda0d18965489b5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9313fc527213e76ea2e3f49b05aa4d48_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\946e758fdfa9112d23dcac9f88b8366a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\94a88be861d0a8f8b50cf20f78145b93_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\94f8682c9d2f9078555a22e224a238cf_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\95c985d9bf2cbbb69be97b228a95e292_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9724d5371bbaad0c489b744d41a7c5b4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\972fe357bd0668ab9665bce6600ef37a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97b6185dec0ac9fa4c33c7a7028bb139_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97e9abf1bdde962ad5d2d9603c2c1415_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9983f0a442d5e3febbbb398724099cf6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b1428533aba67f23de6f6ae23a0e949_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f140a4aa2fcde315ba35219237e0484_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b551568e0c3a72655f4c3d6369c7849_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f472ea51823cad251d9cd82b468a68a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f82af78f3e58a064c2157b4fde52f8b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a0047a27e1995b60ab8ac4b974bbdb1f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a07c06164bcd55a125f65eb690336091_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a0e96ec44d779514f7c28bf364cbb7d1_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a0eaea84a9d6f54a8fda09f24ca907f8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a1ba29d3ee62b408f3f6f91e195c1c0d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a3e43af5bb5085eadd3c11d7befa3ca4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a3e95262771d72ee196352d69833d778_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a4e4864b175d3994f015f485ac63aae7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a5fa6f95d71e4b21d561edfccca90800_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a69314d20cad77e39573c8c036b60fc4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6bb310b709de96f64eb84455a8693ee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7675fe710ae029d6b31b2ef332fa38f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6dfa787e7e9a143d2a7c62d530af32a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa8ddc6b15785109ef1e8973f016713a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa99043171d85605f009c33e17514c99_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aaab9ee74d7e0e4baa356139d5e81056_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae3b9ff1509c50d4978d6619909ae639_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae7df7846d7e4acfb070e681def107d0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae619d8d82be29508ac12ef801983586_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae9a98912fc0ff1cf7fca2452b8c44c2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aeaf2a8531c5429b12472047477362f4_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b04977ec47aa9f739101d2e6a010b446_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b1b68d7cabc2e5ce19d8b9589b54d284_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b05ac433c5605eedb7930cf0472963d7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b21f3a1c2e6356feb38e39c2fef07ff6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b85024676e547ddcf5790c16cf544cec_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6d7cc01f6c3ec798c86f406b2062d5e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b8bedf680bb43ae6a9c36fee023a0b89_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b98c55a039544ba88ea651951c369771_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9ebd0c580352922aa234ba714d8f7f3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba3463a4841b886215feb213b7e068a3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba6504ee635fd37b039e8f5339bdb8f9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba616a192475ace7e03f5a9f14cd1041_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba84ce7d2d3d1b50d384a18f10e7afa5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bac9eebbfc7796864283e233f4f1604b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bb88c241c1612c83b3859912e90ad5af_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc0f940aba5ca7bb53182eb358b2038b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bca409afc2f2425c4b7b93beb7cca8b9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c04a8780d350b84050bb8f1bd085f6a9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0b8ea240fd82d9594da499b35ccbd3b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c31217892cff52e4eefc71c90f4dc0ea_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c36981eec6cb9990f4824e85475cd30c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c433dd94512b2d29a8bdf5b2e9968ea9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c68e59d449fbdefbaa3c90ad65f71e6b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca242c968fd41895777efb0d4b31bd84_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7967d68158e8596120a820d803c59fc_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\caba79b199c045579c30dc60de28a615_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cb92d2b07c5d1368ac086fe48e7bbf22_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbf3ceee611208e2d208278f1c38997a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc9878bbad6578c9519956eccd03f5d0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccb9fa58a0724a90a3b3439c49c799c3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdb703b4cf4637d555fd9503154b5cd7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce1dc2aa1ccc398f37f0e9f42c9d5b35_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce4845ba9da57992585d22259dbb6474_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cefda84f3c4b560cec5796854bc315e5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf77d0e9a1b175d3d5cc05edf169489e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d035b98abd494115add13ae36c282f43_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d06c4a3ab81471dec8da2cbe49043479_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1740132238264bb00901d62db8f8379_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2dac2bb1e866e7969a5174e7a709069_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1c7a17c2d52e4c89601812dac332cfe_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d300926d995cb66304d30683d366a029_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d4c8b3fd57be4da24cbb7c950f1ad6db_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dc71d964f617a9eec0c5081b1798a570_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dcc17e78cb7834663d6da8064deef6a7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dda25ea98e4ba7a47acd07ebab94c92d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddbd1cfdeaaf1fb42a4a027b306e034a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de37600298f086c10bf0f78cabaecb52_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df5ad78b028b1de7cf4a6a7196ffbab6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de8aa63c99c15342d445d66494b9cb29_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df69339a475bdd668861a3c27437577c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1432fcac86ba51f9d96e1deb04f576f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1afe6dfe02be8abbff401fbf2916989_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e3923190e3eb3517ccf96c8d25ca296f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e4f62897fc1947ccccdf78201f4149ab_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e48ff4b585f5aaeaa794ee33783d0373_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e56127b48e305cc6b6b92ee4d97a915c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e65064556e6ffe5d6d696242b225fe29_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e65a5f1a3e29fd32ea728eaa5de742f6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e69e594e09ed6ff272db1d4b4ae33e8c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e6b6f7d083d06354a68cecb043b8ef0f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e7b68481809de1e335d2a74b812143dc_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e801a2609c66f05998646ccac3a4be6e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e921a5b3c10d999cd7f0aba45b70debd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebbccc5f12a438959e64271ef043c007_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebfd5d7526554f29a96f906b09c541de_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec3f8e37631d3ae72c1ec91e64efaaee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee92c65881292f7c96be09fb19c3ecec_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eebf3e440b35063191be32d6ae28aad9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f141e1b209b67a13e969f3cdf25e4bed_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1fa2af2161768cb617a8c5764ae3e8f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f288f75873d721aa960fca1414cfeb4b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2ef25215d6e4a9d5c0bc1dac851b56d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f322f1564998a0cbd7dc14ec7381f89f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f33227dd8c33ae4b2a1e9f919d57b5aa_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f4d656deb1f402122993f58c8b312aee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f5c5d3edbebc66782f75ff7d96849e75_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6201f0bd6c10146abefe93f043dd993_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6f45b031426d50d1882938276197738_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f726593fb6f8de7f3339e5b2c8de0dc8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f796eb7203da48fa9ec81d8c48fadd75_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f8128e9d3fc6277e4eed4793135249ff_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f99c33f7072581a35ebd84b1e6b66e04_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb0d5991a674b785614af1e0562f14e2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fbbd6b548d384e50b3bae555be96d4b2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd01358dfe6ecac8fcdde5e5c3976e33_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdf7f10a4d6b8bdfb930accb59b98432_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdcfb3470916d8f66f0f60cf617b203c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ff090e776e52f60e03ffb738efb74170_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ff1247ae9d9ad5cd3d27c061a0497802_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fffa9b2e273de7c036ecb8d596592d4e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0

+ Die folgenden Dateien sind Passwortgeschützt:
C:\Users\ionloner\Documents\Azureus Downloads\Lost S06E12 HDTV XviD-2HD\Lost S06E12 HDTV XviD-2HD.rar
C:\Users\ionloner\Downloads\www.torrent.to - Adobe Photoshop CS3 Extended-Version (Deutsch).rar

Alt 12.05.2010, 04:42   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Zitat:
– Archiv: Nero v9.4.26.0 Reloaded.rar
Pfad: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker
Status: Virus gefunden
Sry, aber hier hört der Spaß und auch der Support auf...

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.05.2010, 05:45   #10
ionloner
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Trotzdem vielen Dank Arne, du hast mir sehr geholfen.


Ps. Ich habe den besagten Ordner gelöscht und hoffe das jetzt alles gut ist..

Vielen Dank nochmal


Alt 12.05.2010, 05:55   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HILFE bitte ich drehe durch !!!!!!!   .... Virus Rootkit Win32.TDSS.d - Standard

HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d



Wenn das tatsächlich von Deinem Sohn stammt, solltest Du ihn mal gehörig auf die Finger kloppen
Wenn Ihr so einen Mist über Tauschbörsen auch noch mitverbreitet, habt Ihr schnell richtigen Ärger am Hals.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d
ahnung, analyse, antivir, brauche, brauche hilfe, gefunde, helft, leute, neu, online, probiert, rescue, rootkit, system, tool, virus, virus gefunden, was soll ich machen, win




Ähnliche Themen: HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d


  1. Rootkit, Bootkit, Rootkit.win32.tdss.ld4 - ich weiss nicht weiter..
    Log-Analyse und Auswertung - 18.03.2013 (1)
  2. Rootkit Win32.TDss eingefangen :( (Malware)
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (1)
  3. Rootkit.Win32.TDSS.mbr - Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 01.11.2010 (13)
  4. rootkit.win32.tdss, Automatisch erstellte Ordner in /temp, Virenmeldungen, etc.
    Log-Analyse und Auswertung - 22.06.2010 (1)
  5. HILFE! Rootkit.win32.tdss.d kann nicht gelöscht werden und friert alles ein!
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (1)
  6. Rootkit.Win32.TDSS.d lässt sich nicht entfernen!
    Plagegeister aller Art und deren Bekämpfung - 12.05.2010 (15)
  7. rootkit.win32.tdss.d
    Plagegeister aller Art und deren Bekämpfung - 30.04.2010 (2)
  8. Rootkit.Win32.TDSS.d - Komme nicht mehr weiter
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (1)
  9. rootkit.win32.tdss.d
    Plagegeister aller Art und deren Bekämpfung - 21.04.2010 (1)
  10. Rootkit.Win32.TDSS.d
    Plagegeister aller Art und deren Bekämpfung - 15.04.2010 (28)
  11. Rootkit.Win32.TDSS.d - und Firefox friert ein
    Plagegeister aller Art und deren Bekämpfung - 04.03.2010 (18)
  12. Virus Rootkit.Win32.TDSS.a
    Plagegeister aller Art und deren Bekämpfung - 08.07.2009 (10)
  13. Rootkit.Win32.TDSS.a
    Plagegeister aller Art und deren Bekämpfung - 16.05.2009 (15)
  14. 090226-Rootkit.Win32.TDSS.gwh und Systemfehler
    Plagegeister aller Art und deren Bekämpfung - 12.03.2009 (1)
  15. Rootkit win32 tdss.tbq und anschliessende Probleme mit dem Browser
    Log-Analyse und Auswertung - 02.02.2009 (13)
  16. Rootkit.Win32.Agent.q....bitte hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 02.11.2005 (1)
  17. Ich drehe durch....
    Plagegeister aller Art und deren Bekämpfung - 14.01.2005 (2)

Zum Thema HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d - Hi Leute, bitte ich brauche Hilfe ich drehe bald noch durch von diesem Virus Rootkit Win32.TDSS.d. Ich habe schon viel probiert, mein Kaspaerov hat den Virus gefunden kann ihn aber - HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d...
Archiv
Du betrachtest: HILFE bitte ich drehe durch !!!!!!! .... Virus Rootkit Win32.TDSS.d auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.