|
Plagegeister aller Art und deren Bekämpfung: Google-Anfragen werden umgeleitetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.12.2010, 23:56 | #1 |
| Google-Anfragen werden umgeleitet Hallo, vorweg - bitte seid nachsichtig, ich bin neu hier im Forum, da ich dringends eure Hilfe benötige... Wie schon im Betreff angekündigt, werden jegliche Google-Suchanfragen zunächst aufgelistet und wenn man auf den jeweiligen Link klickt kommt man statt auf die gewünschte Seite (Bsp. w*w.microsoft.com) auf Werbeseiten oder eine weinrote Seite, die anzeigt: "Als attackierend gemeldete Webseite!"... im weiteren steht: "Die Webseite auf 64.155.212.118 wurde als attackierende Seite gemeldet und auf Grund Ihrer Sicherheitseinstellungen blockiert. Attackierende Webseiten versuchen, Programme zu installieren, die private Informationen stehlen, Ihren Computer verwenden, um andere zu attackieren oder Ihr System beschädigen. Manche Webseiten vertreiben bewusst Viren und ähnlich schädliche Software, aber viele Webseiten sind auch ohne das Wissen oder die Erlaubnis des Betreibers kompromittiert." Erste Einschätzung meinerseits ist, dass es ein Trojaner sein könnte, bin mir da jedoch nicht sicher. Bin kein Laie auf dem Gebiet, jedoch reicht es nicht aus, um mit dem Problem selbst fertig zu werden. Habe die Freeware von Antivir durchlaufen lassen - hat nichts gefunden. Wie kann ich weiter vorgehen. Ich hoffe auf eure Hilfe. Danke |
10.12.2010, 12:38 | #2 |
/// Malware-holic | Google-Anfragen werden umgeleitet ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
11.12.2010, 13:33 | #3 |
| Google-Anfragen werden umgeleitet Hier die OTL:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 11.12.2010 13:04:03 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\*******\Desktop Windows Vista Home Precmium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,12 Gb Total Space | 31,51 Gb Free Space | 28,36% Space Free | Partition Type: NTFS Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS Computer Name: *******-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.backup.ftp: "proxy.*******.de" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "proxy.*******.de" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.*******.de" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "proxy.*******.de" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.*******.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "proxy.*******.de" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "proxy.*******.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.*******.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.*******.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.22 17:05:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 14:11:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 11:41:21 | 000,000,000 | ---D | M] [2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions [2010.12.11 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions [2010.08.11 20:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.18 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar [2010.06.08 10:30:42 | 000,000,925 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\conduit.xml [2010.11.09 14:27:22 | 000,002,101 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\googlede.xml [2010.11.05 16:22:10 | 000,001,583 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\web-search.xml [2010.04.01 10:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.09.09 13:13:50 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.09 13:13:50 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.09 13:13:50 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.09 13:13:50 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.09 13:13:50 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{017c5b4f-4d90-11df-9f99-001e3d8976cf}\Shell\AutoRun\command - "" = .\Highspeed drivers.exe O33 - MountPoints2\{a5f62e80-3d77-11df-bd62-001e3d8976cf}\Shell - "" = AutoRun O33 - MountPoints2\{a5f62e80-3d77-11df-bd62-001e3d8976cf}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.12.11 00:50:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.11 00:46:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.12.10 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\pdf24 [2010.12.10 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2010.12.10 19:25:58 | 011,792,152 | ---- | C] (Geek Software GmbH ) -- C:\Users\*******\Desktop\pdf24-creator.exe [2010.12.09 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\windows [2010.12.09 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\XY [2010.11.21 12:46:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys [2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Vso [2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\PcSetup [2010.11.20 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\yx [2010.11.20 12:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft ========== Files - Modified Within 30 Days ========== [2010.12.11 12:44:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.11 12:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.11 12:44:30 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.11 00:46:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.12.10 19:38:03 | 000,140,800 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.10 19:26:26 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.12.10 19:26:16 | 011,792,152 | ---- | M] (Geek Software GmbH ) -- C:\Users\*******\Desktop\pdf24-creator.exe [2010.12.10 19:14:42 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.dat [2010.12.10 19:14:42 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.001 [2010.12.10 16:16:54 | 000,713,632 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.10 16:16:54 | 000,669,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.10 16:16:54 | 000,141,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.10 16:16:54 | 000,123,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.10 16:14:41 | 000,012,662 | ---- | M] () -- C:\Users\*******\Desktop\fd.docx [2010.12.10 00:14:36 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2010.12.09 19:48:32 | 000,000,012 | ---- | M] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat [2010.12.09 19:48:26 | 000,000,004 | ---- | M] () -- C:\Users\*******\AppData\Roaming\avdrn.dat [2010.12.09 02:30:21 | 296,872,139 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.12.08 22:04:42 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.04 22:07:12 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.12.02 12:35:50 | 000,012,735 | ---- | M] () -- C:\Users\*******\Documents\Der Code des BösenKatharina Bogner.docx [2010.11.26 08:25:41 | 000,003,308 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.22 18:03:57 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.21 12:46:33 | 000,087,608 | ---- | M] () -- C:\Users\*******\AppData\Roaming\inst.exe [2010.11.21 12:46:33 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys [2010.11.21 12:46:33 | 000,007,887 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat [2010.11.21 12:46:33 | 000,001,144 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf [2010.11.20 12:57:38 | 000,145,583 | ---- | M] () -- C:\Windows\rg.xml [2010.11.20 12:57:09 | 000,000,073 | ---- | M] () -- C:\Windows\userList.xml [2010.11.20 12:51:58 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib ========== Files Created - No Company Name ========== [2010.12.10 19:26:26 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.12.10 14:21:29 | 000,012,662 | ---- | C] () -- C:\Users\*******\Desktop\Gliederung.docx [2010.12.09 19:48:32 | 000,000,012 | ---- | C] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat [2010.12.09 19:48:26 | 000,000,004 | ---- | C] () -- C:\Users\*******\AppData\Roaming\avdrn.dat [2010.12.02 12:35:50 | 000,012,735 | ---- | C] () -- C:\Users\*******\Documents\Der Code des BösenKatharina Bogner.docx [2010.11.21 12:46:33 | 000,087,608 | ---- | C] () -- C:\Users\*******\AppData\Roaming\inst.exe [2010.11.21 12:46:33 | 000,007,887 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat [2010.11.21 12:46:33 | 000,001,144 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf [2010.11.21 12:46:33 | 000,000,055 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.log [2010.11.20 12:57:38 | 000,145,583 | ---- | C] () -- C:\Windows\rg.xml [2010.11.20 12:57:09 | 000,000,073 | ---- | C] () -- C:\Windows\userList.xml [2010.11.20 12:51:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.06 17:41:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.11.06 17:41:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.10.12 21:15:04 | 000,001,658 | ---- | C] () -- C:\Users\*******\AppData\Roaming\filterclsid.dat [2010.10.12 20:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.10.12 20:48:44 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.08.27 11:57:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.15 22:33:14 | 000,000,027 | ---- | C] () -- C:\Windows\NeoSetup.INI [2010.06.10 15:29:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.04.11 18:03:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.04.01 19:19:26 | 000,140,800 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.01 11:24:56 | 000,002,032 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat [2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.dat [2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.001 [2007.09.12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.09.12 00:54:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.08.28 18:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.01 02:41:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2005.01.01 02:15:08 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2005.01.01 02:12:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter [2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo [2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia [2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera [2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite [2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung [2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall [2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso [2010.12.09 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Yctiop [2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames [2010.11.26 08:25:41 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.04.01 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Adobe [2010.04.18 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ahead [2005.01.01 01:44:50 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Avira [2010.10.12 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\AVS4YOU [2010.10.21 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CyberLink [2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2010.04.01 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DivX [2010.09.06 13:00:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\dvdcss [2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter [2010.04.16 13:34:15 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Google [2007.11.02 09:56:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Identities [2010.10.21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InstallShield [2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo [2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2007.11.02 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Macromedia [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*******t\AppData\Roaming\Media Center Programs [2010.09.30 11:04:26 | 000,000,000 | --SD | M] -- C:\Users\*******\AppData\Roaming\Microsoft [2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mozilla [2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia [2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera [2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite [2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung [2010.07.26 18:05:58 | 000,000,000 | RH-D | M] -- C:\Users\*******\AppData\Roaming\SecuROM [2010.05.28 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Skype [2010.08.15 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SmartFTP [2010.10.04 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sony Corporation [2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall [2010.10.23 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\vlc [2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso [2010.04.01 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\WinRAR [2010.12.09 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Yctiop [2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames < %APPDATA%\*.exe /s > [2010.11.21 12:46:33 | 000,087,608 | ---- | M] () -- C:\Users\*******\AppData\Roaming\inst.exe [2010.10.28 20:06:24 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\*******\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.08.15 10:36:29 | 000,157,733 | R--- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}\SmartFTP.exe [2010.11.06 17:43:15 | 000,555,008 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2010.04.03 12:00:09 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2010.04.03 12:00:09 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe < MD5 for: IASTOR.SYS > [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys < MD5 for: IASTORV.SYS > [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: SCECLI.DLL > [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.06.10 15:29:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2007.11.02 18:48:17 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.11.02 18:48:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.11.02 18:48:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.11.02 18:48:24 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.11.02 18:48:25 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2006.11.02 10:46:13 | 000,221,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > Hier die Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.12.2010 13:04:03 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\*******\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,12 Gb Total Space | 31,51 Gb Free Space | 28,36% Space Free | Partition Type: NTFS Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS Computer Name: *******-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{B9F9D674-9800-46A5-89C4-950EE1438C14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017FBF47-4C08-442F-82EB-B70CF25FD24A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{0986E903-FF78-40AB-9041-9DE8E4774157}" = protocol=6 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | "{11252DA3-2C4C-4DC9-A4A7-8E8508A920E6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{211F9847-C23B-429A-9EED-53051EFD6D0B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{252E50B3-78BA-43E2-81FB-F4FEE6044BAE}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{2C1ABDBC-AB50-4393-94BA-A2BF17DEF0D1}" = protocol=6 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | "{2FD71130-1434-4DD9-B2B7-6905A3AF0747}" = protocol=17 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | "{3E3FC247-C1DB-4D6A-A8C3-74AA7D291D60}" = protocol=17 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | "{6303ADC9-81DD-4FBC-A42F-7936A0385CD0}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{9F0B9C03-B50D-4FFA-BC86-2EC56955B424}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd9.exe | "{BEDCC1D7-3393-4F24-AEA2-D9149770F853}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{C9F4128F-B0C9-463D-910B-5B7A73257D10}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{E7F2FBFC-4044-499D-9BE2-2F7C5B82BE9B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000 "{06F80017-8F98-4C94-B868-52358569FC32}" = CG "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = PSE "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{336C4194-47FA-40A8-8D65-21000CA5186E}" = PSE "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8 "{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1" = GOP "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition "{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}" = SmartFTP Client German (Germany) MUI "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{DC158DF7-6B36-4C6F-BC91-109014297994}" = XY "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0 "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "0216B19FFB37CDD2B09298B6C184F90316C813B1" = Windows Driver Package - Intel (NETw4v32) net (06/20/2007 11.1.1.16) "1713EFD0409BCDF53DED33020E5FE8E4FB97BA41" = Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15) "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "B8F60C0D48BE9CDD36117829702A2631F7C489C7" = Windows Driver Package - Intel net (06/20/2007 11.1.1.16) "Carom3D" = Carom3D "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "dt icon module" = "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Video Dub_is1" = Free Video Dub version 1.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "gtfirstboot Setting Request" = "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IPIX ActiveX Viewer" = IPIX ActiveX Viewer "IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer "IPIX Viewer" = IPIX Viewer "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "MarketingTools" = Vaio Marketing Tools "MFU Module" = "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "Picasa2" = Picasa 2 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only) "Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08 "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO_My Club VAIO" = My Club VAIO "VAIO_Photoshop" = "VAIO_Premiere" = "VAIO_Standard" = "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.4 "WinRAR archiver" = WinRAR "xp-AntiSpy" = xp-AntiSpy 3.97-9 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > DANKE |
11.12.2010, 13:50 | #4 |
/// Malware-holic | Google-Anfragen werden umgeleitet bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.12.2010, 15:03 | #5 |
| Google-Anfragen werden umgeleitet Ich konnte leider kein Combofix log erstellen, obwohl ich den Anweisungen des Tutorials gefolgt bin... Der Computer stürzt bei Stufe 41 einfach ab und ich habe einen BlueScreen... Habe es drei mal probiert und immer wieder das gleiche, obwohl alle Prozesse geschlossen waren (inklusive Antivir) Nach dem Neustart habe ich schon geschaut, ob irgendwo ein logfile erstellt wurde oder irgendetwas, was weiterhelfen könnte.. Woran kann es liegen bzw. gibt´s ne Alternative zu Combofix? Besten Dank |
11.12.2010, 15:08 | #6 |
/// Malware-holic | Google-Anfragen werden umgeleitet CD-Emulatoren mit DeFogger deaktivieren Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen. Lade http://filepony.de/download-defogger/ herunter und speichere es auf Deinem Desktop. Doppelklicke DeFogger, um das Tool zu starten. • Es öffnet sich das Programm-Fenster des Tools. • Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren. • Klicke Ja, um fortzufahren. • Wenn die Nachricht 'Finished!' erscheint, • klicke OK. • DeFogger wird nun einen Reboot erfragen - klicke OK • Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird. jetzt versuch combofix erneut, 1 versuch reicht. wenn er jetzt wieder abstürtzt, starte deinen pc neu in den abgesicherten modus ohne netzwerk. sollte bei pc start mit f8 zu erreichen sein, dort combofix erneut probieren.
__________________ --> Google-Anfragen werden umgeleitet |
11.12.2010, 15:26 | #7 |
| Google-Anfragen werden umgeleitet Hier der logfile vom defogger... Lasse jetzt Combofix noch mal durchlaufen bzw. falls es nicht funktioniert im abgesicherten Modus. defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:24 on 11/12/2010 (*******) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Already disabled -=E.O.F=- |
11.12.2010, 15:55 | #8 |
| Google-Anfragen werden umgeleitet Im abgesicherten Modus hat Combofix es geschafft, ein Ergebnis zu liefern: Combofix logfile: ComboFix 10-12-10.01 - ******* 11.12.2010 15:37:20.5.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2518 [GMT 1:00] ausgeführt von:: C:\Users\********\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Internet Explorer\complete.dat C:\Program Files\Internet Explorer\dmlconf.dat C:\Users\********\AppData\Roaming\avdrn.dat C:\Users\********\AppData\Roaming\inst.exe C:\Windows\XSxS . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 14:43:27 . 2010-12-11 14:43:31 -------- d-----w- C:\Users\********\AppData\Local\temp 2010-12-11 14:43:27 . 2010-12-11 14:43:27 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\********\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\********\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - ECACHE [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.********.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.********.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.********.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.********.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.********.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-NPSStartup - (no file) HKLM-RunOnce-<NO NAME> - (no file) MSConfigStartUp-PMCLoader - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe Geändert von need.help (11.12.2010 um 16:43 Uhr) |
11.12.2010, 16:08 | #9 |
/// Malware-holic | Google-Anfragen werden umgeleitet start programme zubehör editor, kopiere rein Killall:: Folder:: C:\Program Files\windows datei speichern unter, typ alle dateien, speicherort, dort wo sich combofix befindet. mame: cfscript.txt starte im abgesicherten modus, ziehe cfscript auf combofix, programm startet, log posten-
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.12.2010, 16:42 | #10 |
| Google-Anfragen werden umgeleitet Log File: ComboFix 10-12-10.01 - ******* 11.12.2010 16:24:28.6.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00] ausgeführt von:: C:\Users\*******\Desktop\ComboFix.exe Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . C:\Program Files\Internet Explorer\complete.dat C:\Program Files\Internet Explorer\dmlconf.dat C:\Users\*******\AppData\Roaming\avdrn.dat C:\Users\*******\AppData\Roaming\inst.exe C:\Windows\XSxS . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp 2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-11_14.43.33 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiougc.exe + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiomig.dll + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiougc.exe + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiomig.dll + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 98392 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPKCLNT.SYS + 2010-12-11 14:51:48 . 2010-12-11 14:51:48 85504 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPKCLNT.SYS + 2010-12-11 14:51:46 . 2010-12-11 14:51:46 31232 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22283_none_8839cdd01bef0fa3\tcpipreg.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 30720 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18160_none_87c2cfff02c3ebf2\tcpipreg.sys + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 84480 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 83968 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe + 2007-11-02 09:04:26 . 2010-12-11 14:48:37 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2007-11-02 09:04:26 . 2010-12-11 14:23:09 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05:11 . 2010-12-11 14:48:39 72912 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-04-01 10:21:43 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-01 10:21:43 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-01 10:21:43 . 2010-12-11 15:20:14 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-01 10:21:43 . 2010-12-11 14:21:15 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-01 10:21:44 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-01 10:21:44 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll + 2010-12-11 14:53:14 . 2010-12-11 14:53:14 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:26 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll + 2010-04-01 10:26:38 . 2010-12-11 14:48:39 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin - 2010-04-01 10:26:38 . 2010-12-11 14:23:11 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin + 2010-12-11 14:52:08 . 2010-12-11 15:15:07 3388 C:\Windows\SoftwareDistribution\PostRebootEventCache\{33F1F29E-2055-4A0F-AAE3-E2BE882174E0}.bin - 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2007-11-02 09:52:18 . 2010-12-11 14:20:04 3308 C:\Windows\bthservsdp.dat + 2007-11-02 09:52:18 . 2010-12-11 15:15:11 3308 C:\Windows\bthservsdp.dat + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpipcfg.dll + 2010-12-11 14:51:48 . 2010-12-11 14:51:49 816640 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpipcfg.dll + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 813568 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 907832 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 904776 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys + 2010-12-11 14:51:44 . 2010-12-11 14:51:44 900696 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys + 2010-12-11 14:51:46 . 2010-12-11 14:51:46 897624 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys + 2010-12-11 14:51:41 . 2010-12-11 14:51:41 438272 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\IKEEXT.DLL + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 595456 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPUCLNT.DLL + 2010-12-11 14:51:40 . 2010-12-11 14:51:40 328704 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\BFE.DLL + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 416768 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\IKEEXT.DLL + 2010-12-11 14:51:48 . 2010-12-11 14:51:48 543232 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPUCLNT.DLL + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 317440 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\BFE.DLL + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 220248 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22577_none_56e063cace9d90bd\netio.sys + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 214104 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21175_none_54f7faccd1790339\netio.sys + 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll + 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe + 2010-12-11 14:53:14 . 2010-12-11 14:53:14 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe + 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe + 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL + 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL + 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL + 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL + 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL + 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL + 2006-11-02 10:22:39 . 2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2010-12-11 15:24:02 . 2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll + 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll + 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll + 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] "NPSStartup"="" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.*******.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.*******.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.*******.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.*******.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.*******.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) |
11.12.2010, 16:46 | #11 |
/// Malware-holic | Google-Anfragen werden umgeleitet ich brauch das ganze log der untere teil fehlt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.12.2010, 16:54 | #12 |
/// Malware-holic | Google-Anfragen werden umgeleitet und dann gehts weiter. Start progrmame zubehör editor, erstelle wieder ein neues combofix script. *** durch nutzername ersetzen killall:: Rootkit:: C:\Users\*******\AppData\Roaming\inst.exe Folder:: C:\Users\*******\AppData\Roaming\Yctiop C:\Users\*******\AppData\Roaming\Yctiop wieder abspeichern wie das erste script, im abgesicherten modus starten und cfscript auf combofix ziehen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.12.2010, 16:57 | #13 |
| Google-Anfragen werden umgeleitet OK.... das war die vollständige logfile... oder welcher untere teil fehlt??? hier noch mal die log file - mehr hat er nicht ausgespuckt... ComboFix 10-12-10.01 - ********* 11.12.2010 16:24:28.6.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00] ausgeführt von:: C:\Users\******\Desktop\ComboFix.exe Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . C:\Program Files\Internet Explorer\complete.dat C:\Program Files\Internet Explorer\dmlconf.dat C:\Users\*******\AppData\Roaming\avdrn.dat C:\Users\*******\AppData\Roaming\inst.exe C:\Windows\XSxS . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp 2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-11_14.43.33 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiougc.exe + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiomig.dll + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiougc.exe + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiomig.dll + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 98392 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPKCLNT.SYS + 2010-12-11 14:51:48 . 2010-12-11 14:51:48 85504 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPKCLNT.SYS + 2010-12-11 14:51:46 . 2010-12-11 14:51:46 31232 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22283_none_8839cdd01bef0fa3\tcpipreg.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 30720 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18160_none_87c2cfff02c3ebf2\tcpipreg.sys + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 84480 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 83968 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe + 2007-11-02 09:04:26 . 2010-12-11 14:48:37 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2007-11-02 09:04:26 . 2010-12-11 14:23:09 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05:11 . 2010-12-11 14:48:39 72912 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-04-01 10:21:43 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-01 10:21:43 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-01 10:21:43 . 2010-12-11 15:20:14 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-01 10:21:43 . 2010-12-11 14:21:15 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-04-01 10:21:44 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-01 10:21:44 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll + 2010-12-11 14:53:14 . 2010-12-11 14:53:14 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:26 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll + 2010-04-01 10:26:38 . 2010-12-11 14:48:39 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin - 2010-04-01 10:26:38 . 2010-12-11 14:23:11 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin + 2010-12-11 14:52:08 . 2010-12-11 15:15:07 3388 C:\Windows\SoftwareDistribution\PostRebootEventCache\{33F1F29E-2055-4A0F-AAE3-E2BE882174E0}.bin - 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2007-11-02 09:52:18 . 2010-12-11 14:20:04 3308 C:\Windows\bthservsdp.dat + 2007-11-02 09:52:18 . 2010-12-11 15:15:11 3308 C:\Windows\bthservsdp.dat + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpipcfg.dll + 2010-12-11 14:51:48 . 2010-12-11 14:51:49 816640 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpipcfg.dll + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 813568 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 907832 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 904776 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys + 2010-12-11 14:51:44 . 2010-12-11 14:51:44 900696 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys + 2010-12-11 14:51:46 . 2010-12-11 14:51:46 897624 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys + 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys + 2010-12-11 14:51:41 . 2010-12-11 14:51:41 438272 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\IKEEXT.DLL + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 595456 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPUCLNT.DLL + 2010-12-11 14:51:40 . 2010-12-11 14:51:40 328704 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\BFE.DLL + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 416768 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\IKEEXT.DLL + 2010-12-11 14:51:48 . 2010-12-11 14:51:48 543232 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPUCLNT.DLL + 2010-12-11 14:51:47 . 2010-12-11 14:51:47 317440 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\BFE.DLL + 2010-12-11 14:51:43 . 2010-12-11 14:51:43 220248 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22577_none_56e063cace9d90bd\netio.sys + 2010-12-11 14:51:49 . 2010-12-11 14:51:49 214104 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21175_none_54f7faccd1790339\netio.sys + 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll + 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe + 2010-12-11 14:53:14 . 2010-12-11 14:53:14 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe + 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe + 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL + 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL + 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL + 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL + 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL + 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL + 2006-11-02 10:22:39 . 2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2010-12-11 15:24:02 . 2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll + 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll + 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll + 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] "NPSStartup"="" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.*******.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.*******.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.*******.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.*******.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.*******.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) |
11.12.2010, 17:00 | #14 |
| Google-Anfragen werden umgeleitet Habe noch eine Frage... unter c:\ habe ich diverse neue verlinkungen durch die programme bekommen und viele dateien - unter anderem *.sys dateien, die mehr als 3 gb groß sind...? www.image-upload.de/file/7Gcw54/bdc17d02f1.jpg Führe jetzt den schritt durch, den du mir zuletzt genannt hast. gruß und danke soweit Geändert von need.help (11.12.2010 um 17:05 Uhr) |
11.12.2010, 17:27 | #15 |
/// Malware-holic | Google-Anfragen werden umgeleitet hmm merkwürdig das mit der log, erst mal säubern wir den pc dann kommt alles andere :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Google-Anfragen werden umgeleitet |
.com, antivir, attackierende, bewusst, computer, forum, frage, fragen, freeware, klick, link, neu, nichts, problem, programme, seite, sicherheitseinstellungen, software, system, trojaner, umgeleitet, viren, webseite, webseiten, werbeseite |