| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bluesreens und Systemprobleme durch Trojan.Agent/Gen-FrauderWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.09.2010, 21:00
| #1 |
 |  Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Hallo, leider brauche ich mal wieder eure Hilfe. Seit ca. 3 Tagen haben wir beim Hochfahren des Laptops ständig "Bluesreens". Nach einigen Versuchen klappt es irgendwann, dass der Laptop hochgefahren ist, was wir jetzt reduzieren, bevor gar nichts mehr geht. Es kommen auch irgendwelche Windows-Fehlermeldungen, die ich noch nie gesehen habe (kann sie leider auch nicht wiedergeben) Unser Virenprogramm McAfee zeigt nichts an. Aber SUPERAntiSpyware hat mehrere Adware und einen Trojan.Agent/Gen-Frauder gefunden. Die Internetverdindung bekomme ich auch nicht immer gleich zustande und der Explorer schließt sich des öfteren wegen eines Fehlers, weswegen ich das ganze hier zum wiederholten Male schreiben muss *grrr* Alles in Allem funktioniert fast gar nichts mehr richtig. Ich hoffe ihr könnt mir helfen. Gruß Anne Hier der Malware-Report: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4717 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 29.09.2010 19:24:32 mbam-log-2010-09-29 (19-24-32).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 150932 Laufzeit: 10 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und hier die beiden Logdateien von ODL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.09.2010 19:50:56 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Anne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 6,75 Gb Free Space | 6,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARC-PC
Current User Name: Anne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Anne\Desktop\OTL by Oldtimer.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
========== Modules (SafeList) ==========
MOD - C:\Users\Anne\Desktop\OTL by Oldtimer.exe (OldTimer Tools)
MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Anne\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SiFilter) -- C:\Windows\system32\drivers\siwinacc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\drivers\siremfil.sys (Silicon Image, Inc.)
DRV - (SI3132) -- C:\Windows\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.07.03 20:33:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.29 21:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.27 12:19:35 | 000,000,000 | ---D | M]
[2008.08.19 16:43:16 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions
[2010.09.27 10:24:20 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\qc82bxfd.default\extensions
[2009.09.06 15:12:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\qc82bxfd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.24 16:25:09 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-1.xml
[2009.12.09 23:19:09 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-2.xml
[2010.01.11 20:41:41 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-3.xml
[2010.01.13 20:22:34 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-4.xml
[2010.02.25 19:07:45 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-5.xml
[2010.05.29 21:49:42 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-6.xml
[2010.05.30 19:17:10 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-7.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin.xml
[2010.05.21 17:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.10.30 17:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.21 17:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.21 17:20:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.02 18:23:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 18:23:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 18:23:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.02 18:23:13 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 18:23:13 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.05.12 23:37:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.11 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6729dedc-86d1-11df-bdbf-ea42bbaaf3ca}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.29 19:17:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL by Oldtimer.exe
[2010.09.29 16:36:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.26 18:21:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.09.26 18:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010.09.26 18:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.09.26 18:21:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.09.26 18:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.09.26 18:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010.09.24 16:30:20 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.09.24 16:28:59 | 000,000,000 | ---D | C] -- C:\Tivola
[2010.09.15 17:56:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
========== Files - Modified Within 30 Days ==========
[2010.09.29 19:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job
[2010.09.29 19:49:43 | 003,145,728 | -HS- | M] () -- C:\Users\Anne\ntuser.dat
[2010.09.29 19:17:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL by Oldtimer.exe
[2010.09.29 18:37:38 | 000,005,789 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.09.29 18:03:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.29 18:02:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.09.29 18:02:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.29 18:02:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.29 18:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.29 18:01:52 | 185,009,911 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.29 14:21:39 | 000,524,288 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.29 14:21:39 | 000,065,536 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.29 00:23:21 | 002,198,337 | -H-- | M] () -- C:\Users\Anne\AppData\Local\IconCache.db
[2010.09.29 00:21:08 | 000,039,936 | ---- | M] () -- C:\Users\Anne\Desktop\Wochenenddienstplan_Gr.2-2011.xls
[2010.09.28 19:10:50 | 000,000,846 | ---- | M] () -- C:\Users\Anne\Desktop\CCleaner.lnk
[2010.09.27 19:47:11 | 001,720,004 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.27 19:47:11 | 000,732,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.27 19:47:11 | 000,682,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.27 19:47:11 | 000,170,910 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.27 19:47:11 | 000,138,830 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.27 12:19:35 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.09.26 20:01:41 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Anne.job
[2010.09.26 18:21:36 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.09.26 18:21:27 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.09.26 13:08:35 | 000,001,430 | ---- | M] () -- C:\Users\Anne\Desktop\DivX Movies.lnk
[2010.09.26 13:07:20 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.24 16:30:20 | 000,000,736 | ---- | M] () -- C:\Users\Anne\Desktop\Abenteuer Stadt.lnk
[2010.09.22 14:04:57 | 000,002,032 | ---- | M] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2010.09.18 10:10:59 | 001,325,716 | ---- | M] () -- C:\Users\Anne\Desktop\Einführung Tauchen.pdf
[2010.09.15 13:26:01 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010.09.05 12:35:22 | 000,022,528 | ---- | M] () -- C:\Users\Anne\Desktop\Handyrechnung Mutter.xls
[2010.09.01 08:48:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
========== Files Created - No Company Name ==========
[2010.09.29 00:21:06 | 000,039,936 | ---- | C] () -- C:\Users\Anne\Desktop\Wochenenddienstplan_Gr.2-2011.xls
[2010.09.28 23:48:45 | 185,009,911 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.09.27 02:31:39 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.09.26 18:21:39 | 000,000,472 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Anne.job
[2010.09.26 18:21:35 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.09.26 18:21:27 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.09.26 13:07:20 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.24 16:30:20 | 000,000,736 | ---- | C] () -- C:\Users\Anne\Desktop\Abenteuer Stadt.lnk
[2010.09.18 10:11:15 | 001,325,716 | ---- | C] () -- C:\Users\Anne\Desktop\Einführung Tauchen.pdf
[2010.09.05 11:01:06 | 000,022,528 | ---- | C] () -- C:\Users\Anne\Desktop\Handyrechnung Mutter.xls
[2010.05.12 13:26:11 | 000,000,625 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.04 23:25:07 | 000,000,552 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d8caps.dat
[2009.07.10 11:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.26 22:36:43 | 000,006,314 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.12.02 22:30:34 | 000,000,092 | ---- | C] () -- C:\Users\Anne\AppData\Local\fusioncache.dat
[2008.07.03 23:30:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.07.03 23:30:57 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.07.03 23:30:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.07.03 23:30:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2007.12.20 18:46:49 | 000,022,328 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\PnkBstrK.sys
[2007.10.20 15:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.09.21 20:04:31 | 000,007,886 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\wklnhst.dat
[2007.09.01 19:55:34 | 000,090,624 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.29 19:58:13 | 000,002,032 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2007.06.19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.12.22 21:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2006.12.22 21:48:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2006.12.22 21:44:18 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.12.22 21:38:51 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006.12.01 10:24:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006.11.09 11:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.08 16:02:38 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.11.08 16:02:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.31 18:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.08.10 16:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008.11.10 22:53:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Alawar
[2009.01.27 12:49:14 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Atari
[2009.05.11 19:40:44 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\CoSoSys
[2010.09.29 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ICQ
[2007.10.24 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ICQ Toolbar
[2007.09.30 17:35:16 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ICQLite
[2010.01.05 01:25:13 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Image Zone Express
[2008.10.03 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\InterVideo
[2009.11.28 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\LG Electronics
[2008.04.11 11:36:00 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Opera
[2009.07.17 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Printer Info Cache
[2008.11.10 20:59:26 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PTV Game
[2010.05.25 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SumatraPDF
[2010.09.12 16:42:11 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\temp
[2007.09.21 20:05:05 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Template
[2009.01.12 15:27:19 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Wildlife Park 2
[2010.09.15 13:26:01 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010.09.01 08:48:54 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010.09.29 14:21:41 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.29 19:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.09.2010 19:50:56 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Anne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 6,75 Gb Free Space | 6,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARC-PC
Current User Name: Anne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0141EDB0-F960-4172-8804-B45B3A232AF7}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{1F2BCF97-3B63-43ED-A967-45E7B3EB1A79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{206F1429-4A88-4892-8AFD-4F55A879F9E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CA950DA-D07A-401B-94B1-00971756F81D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{2FE04B2E-8852-468C-B196-A1C2C1F8738E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{41A9ED02-183F-413A-863A-C3FD2CF56199}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{43C67D2C-93F6-45CB-AD6B-679557A0A4B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{4631936B-86E4-4874-AD7E-08AA514BE214}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47228324-D5D5-46F6-B118-B5A112BD19A4}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{5140A2D5-B875-4204-8861-9C6A5FA737F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D4009C5-2E18-43FA-BD3D-7A5C3BAC3285}" = lport=2869 | protocol=6 | dir=in | app=system |
"{651D9F11-EACB-4F6F-8E4E-84BA9D0D479D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71ECEB4B-8BA8-40A3-8A43-877EA060EA23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D6F06F9-D075-4B3C-BE10-EE161FB43399}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{8F0BD98C-19AA-4128-933D-9F2C5B9D914C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{94F08B2E-5D5B-409B-8834-E453152D6231}" = lport=2869 | protocol=6 | dir=in | app=system |
"{959313ED-3B20-4DBD-B96C-8CBE72353C98}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9895AE91-A12D-4333-8BC4-DAA499F0786B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A729F6A6-4818-4E52-B291-234775EDF72E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0B5536D-07C2-4495-8310-87F4784B286F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B451B642-36C0-4958-88DB-AFCCFC76AA1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD16ADA6-DC8C-4F77-8412-CA6B38BE7B31}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCC25534-C0E3-4932-8591-8C0F9072C4D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CDE06401-43F0-40F0-AED9-61C59149F50A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE0A00FB-87ED-4D89-95B2-1B5061A30643}" = lport=137 | protocol=17 | dir=in | app=system |
"{D03BB095-81B4-479D-8C53-F125BB48DFC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6661A68-D8EB-451A-9377-649D59423F63}" = rport=138 | protocol=17 | dir=out | app=system |
"{E7E650D8-8902-4DF3-97D4-EEE95B7FB120}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{E8F328FB-DD77-4A9E-9FA7-E0EFC9F4AF39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB6E9ED1-027A-47A3-9ABF-876F3B03C16C}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DF6CFA-40D9-4F6E-812E-244ADD190DBA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{01F765A1-51AC-4FE2-B4D6-82B9F796A45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0934A995-5E1D-40C5-8C76-F57662C645B3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0C1A4BFC-9245-4B8C-8BBC-62F0B881B795}" = protocol=6 | dir=out | app=system |
"{12FED8DC-4327-4852-90A9-6C030F1C8076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BE306BD-B0AF-4FE8-9AB4-B91672B9C59A}" = protocol=6 | dir=in | app=k:\spiele\unrealengine3\binaries\moha.exe |
"{1DE5A667-C9B2-42D1-899E-B9EF26285B35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1E4543BB-B0D4-4EF2-8F3A-F6C2CAA1337E}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F1B7C13-3500-4A57-83E7-22258EF223CB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{21BA97E3-3912-4B1A-BC8F-95E869F7BA48}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2D6EE771-09AB-418C-A907-213BABBCADF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38977865-B776-4C23-8F96-916D5FF2022F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{38B3FCB6-8660-47CB-A596-F6F8C5DD2FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AF93B63-2332-4DBA-8179-189AA9B6883C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{3F151DB8-CB22-42F4-A71C-5D0CEB191CE5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{42CC82C8-2E6B-40BC-9F80-6950136DBDAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466FB82E-8856-43EC-AD4F-9566F31A6C50}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{470617E8-BBC3-43B2-97AD-D70B94D51ECE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{47DA29F6-350E-4B10-87F8-33A543052EA0}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BC438A4-EBE2-4DDA-934E-AA101BF0EBD1}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4DF8AE98-2C7B-4264-94C3-702485656403}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{528473FB-D777-470F-97E0-18DE3EB034CA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{56EC9C8F-DDA4-43F5-BFFD-B179C45BCDCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{660673FA-7965-4957-BA4A-EFD96BC6C499}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{66D6A128-2489-401E-8DA4-5AD9F4FBA5CA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{68F548E5-FE33-4889-BB29-DE409C695386}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E2FA903-96EC-4C86-AACE-D47569627ADE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{719B336D-4A89-4DC1-AE97-D503B6CBB8CA}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{72B391EA-350C-4AF4-84CE-E067857BB4D5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7BC495E8-9028-46B3-BEA4-C094F1AB9B2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{7DC6A0BE-92C8-4C2A-B988-766BEA24E577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8774E354-9337-4169-AEE6-9E0ED2EB756A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{89F67C38-4681-4EA9-8B2D-394F76E63B6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{8EA2BA9A-EEE5-4838-9856-E76823E77204}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8F1390D7-20DD-4F71-A31C-95FF949E0031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FAD7E95-34F5-40E9-B2B1-D13E708B14D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{965EC27F-A33D-4944-9635-B90D07FF64D3}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{96CE558F-7A8F-4ED4-A8F1-5888117ECBB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D27720D-A072-4C83-A49D-4F85F39F05C0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A5F0F7A4-760A-4B1E-93EB-7C1E0A749692}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A60A0443-36D7-4E5D-B6B4-794CFC8ADE2E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABBF4276-7C41-4245-8DBA-9FD3DFFC7355}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AD9CE05B-8592-4136-9CEC-56D760E64749}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B1F9FA6E-E0F1-45E4-A772-E18DCD96E036}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4C26E50-97F8-422C-B368-8B3A24A7E349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5AC7D36-CDC4-4A87-AE35-C03F49F42D6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B76C387E-F4CF-4559-80C9-09C892FFCB7D}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CF63EF43-9E90-451A-A6E4-08B4A51E04A0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D26C2798-68E4-410F-BC60-C1CA77A11255}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E32F4DD7-F9EF-43C8-900F-B00F87733314}" = protocol=6 | dir=out | app=system |
"{E7E34E0E-74DC-4621-B066-7E15046B796E}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EA746E8A-D78F-46AD-BB88-A98E2EB525C1}" = protocol=17 | dir=in | app=k:\spiele\unrealengine3\binaries\moha.exe |
"{F30C496E-16AA-401D-BDAA-7367B6CF0852}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{FAC39D9D-26A3-4B42-9251-EDCE7B23E862}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FD7BA1F4-65E2-42D8-B3E6-C22511F02535}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{08F15A51-F56B-4806-9750-7C5A00915B2A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{0F82C4F6-5137-4678-9C2E-9C475C6E7698}C:\gamigo games\smash online\smashonline.exe" = protocol=6 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"TCP Query User{3C9CB928-5274-4B86-918D-F121F30957C2}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{41F8FF9A-E754-4197-A181-07C122107456}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4B71AA99-3C8A-4C25-9417-754C4888EBD9}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{4E9E2498-84A8-4EA8-BA51-82FE9EFFC4AD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{85D0BB6C-00A7-4157-8D74-1B30BA151771}C:\gamigo games\smash online\smashonline.exe" = protocol=6 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"TCP Query User{9BD2CAB1-D359-4228-BF86-C886C6FD7165}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{A1E0452E-A800-4479-A94B-FD5A994DEBB8}K:\spiele marc\mohpa.exe" = protocol=6 | dir=in | app=k:\spiele marc\mohpa.exe |
"TCP Query User{A69C32EA-7AE5-49B1-97B4-4D462B5ADA56}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{D12E3683-DABF-47AB-AD67-B5B12B1FBF95}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D1F18FD1-22AE-4A35-9C09-172266AB94E0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{E2903D0C-9A2E-45B1-AD5A-DF7C7D848E42}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FF51C641-9D11-4490-B4D0-0630AB0AA7B2}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{131D1105-E9E5-4B7B-825C-5DA043D0BAB8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2BEEB9F6-7898-4305-BAB2-1C5400053AE4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{43F61BBF-0EF3-44CE-A262-2EAF0BF574EA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{50B42948-025E-4794-A238-8E6C4348DAC9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{598AF476-F7DE-4033-BED4-F71BB3B5B5BB}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{69305D07-EB96-471F-A7EC-31CCF0F58B9A}K:\spiele marc\mohpa.exe" = protocol=17 | dir=in | app=k:\spiele marc\mohpa.exe |
"UDP Query User{7154165B-8E16-4943-AE3D-CAD7B4640C0D}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"UDP Query User{A3972A2E-8CE7-4FEE-A610-B52032A1B841}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{AADBEFA2-8B0E-4285-B024-457FDBF5DB4D}C:\gamigo games\smash online\smashonline.exe" = protocol=17 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"UDP Query User{AB630CDF-AF47-442E-8274-21599DF66D78}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{B2A25010-496A-4DBC-BBDD-E48F167AF2DB}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{D4D94143-6833-4913-BB63-6DAF72A59827}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{DD79E6BA-B979-46A6-B44C-6B6A2259DE43}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{E0855FDB-5ADA-48BC-8537-8D9F47C8B927}C:\gamigo games\smash online\smashonline.exe" = protocol=17 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0F82CF-F03A-4681-8606-C4FB3AE30E3A}" = Adobe Photoshop Elements 5.0.2 Patcher
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" =
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" =
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{97260AE9-A1EE-492E-8DCC-FD0AFF785720}" =
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C183A21C-395A-490F-99D4-CCAB35E32859}" =
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}" =
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"CCleaner" = CCleaner
"City" = Abenteuer Stadt
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"FHMcomCharMarsh_scenes" = FHMcomCharMarsh_scenes Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PROSet" = Intel(R) PRO Network Connections Drivers
"Skype_is1" = Skype 2.5
"Steam App 19000" = Silent Hill Homecoming
"Steuer-Spar-Erklärung 2008 deinstallieren" = Steuer-Spar-Erklärung 2008
"SumatraPDF" = SumatraPDF
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"XviD_is1" = XviD MPEG-4 Video Codec
"Zulu" = Zulu DJ Software
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.09.2010 08:25:08 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 2b8 Anfangszeit: 01cb5fd1052b8fcf Zeitpunkt
der Beendigung: 17
Error - 29.09.2010 08:25:15 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mobsync.exe, Version 6.0.6001.18000, Zeitstempel
0x47918e41, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x120, Anwendungsstartzeit
01cb5fd15e884d1f.
Error - 29.09.2010 08:26:38 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: ae8 Anfangszeit: 01cb5fd1806287cf Zeitpunkt
der Beendigung: 12
Error - 29.09.2010 12:03:20 | Computer Name = Marc-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 8
Error - 29.09.2010 12:08:19 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul VSSAPI.DLL, Version 6.0.6002.18005,
Zeitstempel 0x49e0380a, Ausnahmecode 0xc0000005, Fehleroffset 0x0007504a, Prozess-ID
0x62c, Anwendungsstartzeit 01cb5fefbf82a727.
Error - 29.09.2010 12:41:06 | Computer Name = Marc-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 8
Error - 29.09.2010 12:41:09 | Computer Name = Marc-PC | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 8
Error - 29.09.2010 12:57:48 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
0x4c25813d, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18943, Zeitstempel
0x4c259878, Ausnahmecode 0xc0000096, Fehleroffset 0x001d2013, Prozess-ID 0x1234,
Anwendungsstartzeit 01cb5ff5b956a5fc.
Error - 29.09.2010 12:57:59 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
0x4c25813d, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18943, Zeitstempel
0x4c259878, Ausnahmecode 0xc0000005, Fehleroffset 0x001d2014, Prozess-ID 0x1644,
Anwendungsstartzeit 01cb5ff777506aec.
Error - 29.09.2010 13:12:57 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
0x4c25813d, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18943, Zeitstempel
0x4c259878, Ausnahmecode 0xc0000005, Fehleroffset 0x000f94dd, Prozess-ID 0xfe4, Anwendungsstartzeit
01cb5ff56741c51c.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
30.09.2010, 18:36
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-FrauderZitat:
__________________ |
|
01.10.2010, 16:50
| #3 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Oh sorry, das habe ich vergessen...
__________________hier die letzten 2 Logs (Ergebnisse sind unterschiedlich) Gruß Anne SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/27/2010 at 10:24 PM Application Version : 4.43.1000 Core Rules Database Version : 5587 Trace Rules Database Version: 3399 Scan type : Complete Scan Total Scan Time : 02:14:22 Memory items scanned : 812 Memory threats detected : 0 Registry items scanned : 10463 Registry threats detected : 0 File items scanned : 149615 File threats detected : 5 Adware.Tracking Cookie C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@doubleclick[2].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@sevenoneintermedia.112.2o7[2].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@atwola[2].txt Trojan.Agent/Gen-Frauder C:\PROGRAMDATA\SONY\MYCLUBVAIO\STARTREG.EXE C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\REGISTRIEREN SIE IHREN VAIO.LNK SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/29/2010 at 05:30 PM Application Version : 4.43.1000 Core Rules Database Version : 5601 Trace Rules Database Version: 3413 Scan type : Complete Scan Total Scan Time : 02:23:50 Memory items scanned : 791 Memory threats detected : 0 Registry items scanned : 10463 Registry threats detected : 0 File items scanned : 145076 File threats detected : 5 Adware.Tracking Cookie C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@ad.yieldmanager[4].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@doubleclick[2].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@sevenoneintermedia.112.2o7[2].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@atwola[2].txt C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\anne@content.yieldmanager[1].txt |
|
01.10.2010, 18:58
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-FrauderZitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.10.2010, 17:22
| #5 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder So, hier der Log von Malwarebytes. Gruß Anne Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4733 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 02.10.2010 14:11:16 mbam-log-2010-10-02 (14-11-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 294020 Laufzeit: 1 Stunde(n), 54 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
03.10.2010, 13:22
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6729dedc-86d1-11df-bdbf-ea42bbaaf3ca}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
[2007.09.01 19:55:34 | 000,090,624 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 18:21:39 | 000,000,472 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Anne.job
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder |
|
03.10.2010, 14:41
| #7 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Hallo, hier der Logfile. Gruß Anne All processes killed ========== OTL ========== Prefs.js: "Secure Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6729dedc-86d1-11df-bdbf-ea42bbaaf3ca}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6729dedc-86d1-11df-bdbf-ea42bbaaf3ca}\ not found. File G:\Get_Started_for_Win.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. File G:\Get_Started_for_Win.exe not found. C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. C:\Windows\Tasks\Norton Security Scan for Anne.job moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Anne ->Temp folder emptied: 6281194 bytes ->Temporary Internet Files folder emptied: 22024330 bytes ->Java cache emptied: 12129553 bytes ->FireFox cache emptied: 42083280 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1485 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User User: Marc ->Temp folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 97371220 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 172,00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10032010_153208 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\JET333F.tmp not found! File\Folder C:\Windows\temp\mcafee_qoVQ0bzv4IlD5Be not found! File\Folder C:\Windows\temp\mcmsc_6S3nuFBkQdfEJ8Z not found! File\Folder C:\Windows\temp\mcmsc_bgG6GvWuAdPuLJb not found! File\Folder C:\Windows\temp\sqlite_59YqEPqiAOgJr3D not found! File\Folder C:\Windows\temp\sqlite_9KELLxes1vCtPsP not found! File\Folder C:\Windows\temp\sqlite_bemWxzkpSv7hk3y not found! File\Folder C:\Windows\temp\sqlite_C6ZKA7FwwZhdffV not found! Registry entries deleted on Reboot... |
|
03.10.2010, 15:05
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.10.2010, 19:29
| #9 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Guten Abend, nach einigen Versuchen hat es endlich funktionert. Hier das Ergebnis von Combofix: Gruß Anne Combofix Logfile: Code:
ATTFilter ComboFix 10-10-02.02 - Anne 03.10.2010 20:03:51.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1380 [GMT 2:00]
ausgeführt von:: c:\users\Anne\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-03 bis 2010-10-03 ))))))))))))))))))))))))))))))
.
2010-10-03 18:16 . 2010-10-03 18:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 18:16 . 2010-10-03 18:16 -------- d-----w- c:\users\Marc\AppData\Local\temp
2010-10-03 18:16 . 2010-10-03 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-01 12:10 . 2010-10-01 12:10 -------- d-----w- C:\found.000
2010-09-29 14:36 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\programdata\Norton
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\windows\system32\drivers\NSS
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\Norton Security Scan
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\programdata\NortonInstaller
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\NortonInstaller
2010-09-26 11:08 . 2010-09-26 11:06 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-26 11:08 . 2010-09-26 11:08 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-26 11:08 . 2010-09-26 11:08 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-26 11:07 . 2010-09-26 11:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-26 11:07 . 2010-09-26 11:07 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-26 11:06 . 2010-09-26 11:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-26 11:06 . 2010-09-26 11:06 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-24 14:28 . 2010-09-24 14:28 -------- d-----w- C:\Tivola
2010-09-15 15:56 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 15:56 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 15:56 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 15:55 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 13:03 . 2010-05-17 19:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-01 12:32 . 2010-05-17 19:12 63488 ----a-w- c:\users\Anne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-01 12:32 . 2010-05-17 19:12 117760 ----a-w- c:\users\Anne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-30 03:01 . 2008-03-17 15:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 15:01 . 2007-09-30 15:39 -------- d-----w- c:\users\Anne\AppData\Roaming\ICQ
2010-09-28 17:10 . 2010-05-11 16:58 -------- d-----w- c:\program files\CCleaner
2010-09-27 17:47 . 2006-11-02 15:33 732836 ----a-w- c:\windows\system32\perfh007.dat
2010-09-27 17:47 . 2006-11-02 15:33 170910 ----a-w- c:\windows\system32\perfc007.dat
2010-09-27 00:31 . 2006-12-01 08:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-26 16:21 . 2006-12-01 08:36 -------- d-----w- c:\programdata\Symantec
2010-09-26 11:08 . 2010-05-21 15:10 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-26 11:08 . 2010-05-21 15:06 -------- d-----w- c:\programdata\DivX
2010-09-26 11:08 . 2008-06-06 06:21 -------- d-----w- c:\program files\DivX
2010-09-26 11:06 . 2010-05-21 15:10 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-26 11:06 . 2010-05-21 15:10 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-22 12:04 . 2007-08-29 17:58 2032 ----a-w- c:\users\Anne\AppData\Local\d3d9caps.dat
2010-09-15 16:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-24 10:51 . 2010-04-22 18:06 -------- d-----w- c:\program files\ICQ7.1
2010-07-15 13:18 . 2007-09-28 23:00 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-03 2424560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-25 2134016]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-07-09 67656]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-10-27 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-10-27 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-06 227328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
2010-10-03 c:\windows\Tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aol.de/
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\qc82bxfd.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-03 20:16
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2055621991-1177287905-3800235295-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,08,1d,d1,72,76,8c,79,b5,06,78,3a,4b,40,81,44,63,25,ea,62,ae,ae,a8,
fe,21,d6,75,c2,be,5c,db,07,3e,ec,12,6f,ff,39,32,7d,78,7a,0d,23,a9,df,b1,80,\
"??"=hex:40,16,69,9d,64,16,5c,28,d9,b2,d5,15,4b,f7,7e,f6
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(4212)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Zeit der Fertigstellung: 2010-10-03 20:23:18
ComboFix-quarantined-files.txt 2010-10-03 18:23
ComboFix2.txt 2010-05-15 08:15
Vor Suchlauf: 8.929.783.808 Bytes frei
Nach Suchlauf: 8.588.955.648 Bytes frei
- - End Of File - - A83CA0B2CAE20C3FFAB5CC209BA0D084
|
|
04.10.2010, 07:38
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.10.2010, 19:11
| #11 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Hallo, ich habe mir GMER und OSAM runtergeladen. Wollte mal mit OSAM anfangen, hab die Datei wie beschrieben entpackt und osam.exe gestartet. Nach knapp 10 sec. kam von McAfee eine Meldung, dass er einen New Win 32 (Virus) erkannt hat (isoliert aus: C:\Users.....tmp\osam.exe) und dieses OSAM-Fenster hat sich geschlossen. Hab die OSAM-Datei gelöscht und es nochmal versucht, leider ist das gleiche wieder passiert. Was nun? Gruß Anne |
|
04.10.2010, 19:31
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder McAfee hat darin immer noch den Fehlalarm. Ich hab den schon vor einigen Wochen gemeldetm aber irgendwie passiert da nix   McAfee vor der Ausführung von OSAM deaktivieren. Notfalls deinstallierst Du McAfee!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.10.2010, 19:37
| #13 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Ok, werd ich gleich versuchen. Danke |
|
04.10.2010, 19:59
| #14 |
| | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Gut, mit der deaktivierung von McAfee hat es funktionert :-) Werde nun versuchen GMER auszuführen. Wenns nicht klappt, mach ich bei MBRCheck weiter. Hier schonmal der Logfile von OSAM: Gruß Anne OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:46:11 on 04.10.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl "PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl "setasio.cpl" - "SigmaTel, Inc." - C:\Windows\system32\setasio.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys "catchme" (catchme) - ? - C:\Users\Anne\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys "McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys "McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys "McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys "McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys "nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys (Data mismatch, rootkit activity) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\Windows\System32\DRIVERS\SonyImgF.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {792F0537-F929-4eb7-AC1D-FB6334C71550} "LG Phone" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\PROGRA~1\mcafee\msk\mskapbho.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\scriptsn.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "mcagent_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "VAIOCameraUtility" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "MBackMonitor" (MBackMonitor) - "McAfee" - C:\Program Files\McAfee\MBK\MBackMonitor.exe "McAfee Network Agent" (McNASvc) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe "McAfee Personal Firewall Service" (MpfService) - "McAfee, Inc." - C:\Program Files\McAfee\MPF\MPFSrv.exe "McAfee Proxy Service" (McProxy) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe "McAfee Real-time Scanner" (McShield) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe "McAfee Scanner" (McODS) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe "McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe "McAfee SpamKiller Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\McAfee\MSK\MskSrver.exe "McAfee SystemGuards" (McSysmon) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe "SQL Server (VAIO_VEDB)" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe "VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe "VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe "VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
04.10.2010, 20:14
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder Das Log ist soweit ok. Poste noch die anderen beiden Logs.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bluesreens und Systemprobleme durch Trojan.Agent/Gen-Frauder |
| 32 bit, acroiehelper.dll, adobe, adware, bho, bluescreen, bluesreens, call of duty, components, corp./icp, data restore, defender, error, firefox, firefox.exe, flash player, format, google, home, home premium, iexplore.exe, local\temp, location, logfile, mozilla, nodrives, ntdll.dll, nvlddmkm.sys, nvstor.sys, officejet, oldtimer, otl logfile, phishing, plug-in, programdata, programm, reduzieren, registry, rundll, saver, searchplugins, secure search, security, server, shell32.dll, siteadvisor, skype.exe, software, studio, superantispyware, svchost.exe, system restore, trojan.agent/gen-frauder, udp, vista, vlc media player, world at war |
Linear-Darstellung
