Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google-Anfragen werden umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.12.2010, 23:56   #1
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Hallo,

vorweg - bitte seid nachsichtig, ich bin neu hier im Forum, da ich dringends eure Hilfe benötige... Wie schon im Betreff angekündigt, werden jegliche Google-Suchanfragen zunächst aufgelistet und wenn man auf den jeweiligen Link klickt kommt man statt auf die gewünschte Seite (Bsp. w*w.microsoft.com) auf Werbeseiten oder eine weinrote Seite, die anzeigt:

"Als attackierend gemeldete Webseite!"...

im weiteren steht:

"Die Webseite auf 64.155.212.118 wurde als attackierende Seite gemeldet und auf Grund Ihrer Sicherheitseinstellungen blockiert.
Attackierende Webseiten versuchen, Programme zu installieren, die private Informationen stehlen, Ihren Computer verwenden, um andere zu attackieren oder Ihr System beschädigen.
Manche Webseiten vertreiben bewusst Viren und ähnlich schädliche Software, aber viele Webseiten sind auch ohne das Wissen oder die Erlaubnis des Betreibers kompromittiert."

Erste Einschätzung meinerseits ist, dass es ein Trojaner sein könnte, bin mir da jedoch nicht sicher. Bin kein Laie auf dem Gebiet, jedoch reicht es nicht aus, um mit dem Problem selbst fertig zu werden. Habe die Freeware von Antivir durchlaufen lassen - hat nichts gefunden. Wie kann ich weiter vorgehen. Ich hoffe auf eure Hilfe.

Danke

Alt 10.12.2010, 12:38   #2
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 11.12.2010, 13:33   #3
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Hier die OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.12.2010 13:04:03 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*******\Desktop
Windows Vista Home Precmium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,12 Gb Total Space | 31,51 Gb Free Space | 28,36% Space Free | Partition Type: NTFS
Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
 
Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.*******.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.*******.de"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.*******.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.*******.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.*******.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.*******.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.*******.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.*******.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.*******.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.22 17:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 14:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 11:41:21 | 000,000,000 | ---D | M]
 
[2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.12.11 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions
[2010.08.11 20:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.18 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar
[2010.06.08 10:30:42 | 000,000,925 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\conduit.xml
[2010.11.09 14:27:22 | 000,002,101 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\googlede.xml
[2010.11.05 16:22:10 | 000,001,583 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\web-search.xml
[2010.04.01 10:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.09 13:13:50 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 13:13:50 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 13:13:50 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 13:13:50 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 13:13:50 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{017c5b4f-4d90-11df-9f99-001e3d8976cf}\Shell\AutoRun\command - "" = .\Highspeed drivers.exe
O33 - MountPoints2\{a5f62e80-3d77-11df-bd62-001e3d8976cf}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f62e80-3d77-11df-bd62-001e3d8976cf}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.11 00:50:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.11 00:46:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2010.12.10 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\pdf24
[2010.12.10 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2010.12.10 19:25:58 | 011,792,152 | ---- | C] (Geek Software GmbH                                          ) -- C:\Users\*******\Desktop\pdf24-creator.exe
[2010.12.09 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010.12.09 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\XY
[2010.11.21 12:46:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys
[2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Vso
[2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\PcSetup
[2010.11.20 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\yx
[2010.11.20 12:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.11 12:44:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.11 12:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.11 12:44:30 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.11 00:46:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe
[2010.12.10 19:38:03 | 000,140,800 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 19:26:26 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.12.10 19:26:16 | 011,792,152 | ---- | M] (Geek Software GmbH                                          ) -- C:\Users\*******\Desktop\pdf24-creator.exe
[2010.12.10 19:14:42 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.dat
[2010.12.10 19:14:42 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.001
[2010.12.10 16:16:54 | 000,713,632 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.10 16:16:54 | 000,669,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.10 16:16:54 | 000,141,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.10 16:16:54 | 000,123,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.10 16:14:41 | 000,012,662 | ---- | M] () -- C:\Users\*******\Desktop\fd.docx
[2010.12.10 00:14:36 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.09 19:48:32 | 000,000,012 | ---- | M] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat
[2010.12.09 19:48:26 | 000,000,004 | ---- | M] () -- C:\Users\*******\AppData\Roaming\avdrn.dat
[2010.12.09 02:30:21 | 296,872,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.08 22:04:42 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.04 22:07:12 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.12.02 12:35:50 | 000,012,735 | ---- | M] () -- C:\Users\*******\Documents\Der  Code des BösenKatharina Bogner.docx
[2010.11.26 08:25:41 | 000,003,308 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.22 18:03:57 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.21 12:46:33 | 000,087,608 | ---- | M] () -- C:\Users\*******\AppData\Roaming\inst.exe
[2010.11.21 12:46:33 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys
[2010.11.21 12:46:33 | 000,007,887 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat
[2010.11.21 12:46:33 | 000,001,144 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf
[2010.11.20 12:57:38 | 000,145,583 | ---- | M] () -- C:\Windows\rg.xml
[2010.11.20 12:57:09 | 000,000,073 | ---- | M] () -- C:\Windows\userList.xml
[2010.11.20 12:51:58 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
 
========== Files Created - No Company Name ==========
 
[2010.12.10 19:26:26 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.12.10 14:21:29 | 000,012,662 | ---- | C] () -- C:\Users\*******\Desktop\Gliederung.docx
[2010.12.09 19:48:32 | 000,000,012 | ---- | C] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat
[2010.12.09 19:48:26 | 000,000,004 | ---- | C] () -- C:\Users\*******\AppData\Roaming\avdrn.dat
[2010.12.02 12:35:50 | 000,012,735 | ---- | C] () -- C:\Users\*******\Documents\Der  Code des BösenKatharina Bogner.docx
[2010.11.21 12:46:33 | 000,087,608 | ---- | C] () -- C:\Users\*******\AppData\Roaming\inst.exe
[2010.11.21 12:46:33 | 000,007,887 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat
[2010.11.21 12:46:33 | 000,001,144 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf
[2010.11.21 12:46:33 | 000,000,055 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.log
[2010.11.20 12:57:38 | 000,145,583 | ---- | C] () -- C:\Windows\rg.xml
[2010.11.20 12:57:09 | 000,000,073 | ---- | C] () -- C:\Windows\userList.xml
[2010.11.20 12:51:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.06 17:41:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.06 17:41:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.12 21:15:04 | 000,001,658 | ---- | C] () -- C:\Users\*******\AppData\Roaming\filterclsid.dat
[2010.10.12 20:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.10.12 20:48:44 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.08.27 11:57:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.15 22:33:14 | 000,000,027 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.06.10 15:29:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.11 18:03:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.01 19:19:26 | 000,140,800 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.01 11:24:56 | 000,002,032 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.dat
[2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.001
[2007.09.12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.09.12 00:54:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.08.28 18:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.01 02:41:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2005.01.01 02:15:08 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2005.01.01 02:12:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter
[2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo
[2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView
[2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia
[2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera
[2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite
[2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung
[2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall
[2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso
[2010.12.09 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Yctiop
[2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames
[2010.11.26 08:25:41 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.01 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Adobe
[2010.04.18 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ahead
[2005.01.01 01:44:50 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Avira
[2010.10.12 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\AVS4YOU
[2010.10.21 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CyberLink
[2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2010.04.01 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DivX
[2010.09.06 13:00:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\dvdcss
[2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter
[2010.04.16 13:34:15 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Google
[2007.11.02 09:56:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Identities
[2010.10.21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InstallShield
[2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo
[2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView
[2007.11.02 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*******t\AppData\Roaming\Media Center Programs
[2010.09.30 11:04:26 | 000,000,000 | --SD | M] -- C:\Users\*******\AppData\Roaming\Microsoft
[2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mozilla
[2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia
[2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera
[2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite
[2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung
[2010.07.26 18:05:58 | 000,000,000 | RH-D | M] -- C:\Users\*******\AppData\Roaming\SecuROM
[2010.05.28 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Skype
[2010.08.15 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SmartFTP
[2010.10.04 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sony Corporation
[2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall
[2010.10.23 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\vlc
[2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso
[2010.04.01 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\WinRAR
[2010.12.09 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Yctiop
[2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames
 
< %APPDATA%\*.exe /s >
[2010.11.21 12:46:33 | 000,087,608 | ---- | M] () -- C:\Users\*******\AppData\Roaming\inst.exe
[2010.10.28 20:06:24 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\*******\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.08.15 10:36:29 | 000,157,733 | R--- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}\SmartFTP.exe
[2010.11.06 17:43:15 | 000,555,008 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.04.03 12:00:09 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.04.03 12:00:09 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys
[2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.10 15:29:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2007.11.02 18:48:17 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.11.02 18:48:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.11.02 18:48:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.11.02 18:48:24 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.11.02 18:48:25 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2006.11.02 10:46:13 | 000,221,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >
         
--- --- ---












Hier die Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.12.2010 13:04:03 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*******\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,12 Gb Total Space | 31,51 Gb Free Space | 28,36% Space Free | Partition Type: NTFS
Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
 
Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9F9D674-9800-46A5-89C4-950EE1438C14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017FBF47-4C08-442F-82EB-B70CF25FD24A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{0986E903-FF78-40AB-9041-9DE8E4774157}" = protocol=6 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | 
"{11252DA3-2C4C-4DC9-A4A7-8E8508A920E6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{211F9847-C23B-429A-9EED-53051EFD6D0B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{252E50B3-78BA-43E2-81FB-F4FEE6044BAE}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{2C1ABDBC-AB50-4393-94BA-A2BF17DEF0D1}" = protocol=6 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | 
"{2FD71130-1434-4DD9-B2B7-6905A3AF0747}" = protocol=17 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | 
"{3E3FC247-C1DB-4D6A-A8C3-74AA7D291D60}" = protocol=17 | dir=in | app=c:\program files\PSEE\PSE\PSE.exe | 
"{6303ADC9-81DD-4FBC-A42F-7936A0385CD0}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 

"{9F0B9C03-B50D-4FFA-BC86-2EC56955B424}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd9.exe | 
"{BEDCC1D7-3393-4F24-AEA2-D9149770F853}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{C9F4128F-B0C9-463D-910B-5B7A73257D10}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{E7F2FBFC-4044-499D-9BE2-2F7C5B82BE9B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{06F80017-8F98-4C94-B868-52358569FC32}" = CG
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = PSE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = PSE
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1" = GOP
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}" = SmartFTP Client German (Germany) MUI
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = XY
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"0216B19FFB37CDD2B09298B6C184F90316C813B1" = Windows Driver Package - Intel (NETw4v32) net  (06/20/2007 11.1.1.16)
"1713EFD0409BCDF53DED33020E5FE8E4FB97BA41" = Windows Driver Package - Intel (NETw2v32) net  (03/06/2007 9.1.1.15)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"B8F60C0D48BE9CDD36117829702A2631F7C489C7" = Windows Driver Package - Intel net  (06/20/2007 11.1.1.16)
"Carom3D" = Carom3D
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video Dub_is1" = Free Video Dub version 1.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"gtfirstboot Setting Request" = 
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"MarketingTools" = Vaio Marketing Tools
"MFU Module" = 
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa2" = Picasa 2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---







DANKE
__________________

Alt 11.12.2010, 13:50   #4
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2010, 15:03   #5
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Ich konnte leider kein Combofix log erstellen, obwohl ich den Anweisungen des Tutorials gefolgt bin...
Der Computer stürzt bei Stufe 41 einfach ab und ich habe einen BlueScreen...
Habe es drei mal probiert und immer wieder das gleiche, obwohl alle Prozesse geschlossen waren (inklusive Antivir)
Nach dem Neustart habe ich schon geschaut, ob irgendwo ein logfile erstellt wurde oder irgendetwas, was weiterhelfen könnte..

Woran kann es liegen bzw. gibt´s ne Alternative zu Combofix?

Besten Dank


Alt 11.12.2010, 15:08   #6
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



CD-Emulatoren mit DeFogger deaktivieren

Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren
laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren.
Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der
Bereinigung rückgängig machen.

Lade
http://filepony.de/download-defogger/
herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
• Klicke Ja, um fortzufahren.
• Wenn die Nachricht 'Finished!' erscheint,
• klicke OK.
• DeFogger wird nun einen Reboot erfragen - klicke OK
• Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.
jetzt versuch combofix erneut, 1 versuch reicht. wenn er jetzt wieder abstürtzt, starte deinen pc neu in den abgesicherten modus ohne netzwerk.
sollte bei pc start mit f8 zu erreichen sein, dort combofix erneut probieren.
__________________
--> Google-Anfragen werden umgeleitet

Alt 11.12.2010, 15:26   #7
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Hier der logfile vom defogger...
Lasse jetzt Combofix noch mal durchlaufen bzw. falls es nicht funktioniert im abgesicherten Modus.



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:24 on 11/12/2010 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

Alt 11.12.2010, 15:55   #8
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Im abgesicherten Modus hat Combofix es geschafft, ein Ergebnis zu liefern:

Combofix logfile:

ComboFix 10-12-10.01 - ******* 11.12.2010 15:37:20.5.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2518 [GMT 1:00]
ausgeführt von:: C:\Users\********\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\complete.dat
C:\Program Files\Internet Explorer\dmlconf.dat
C:\Users\********\AppData\Roaming\avdrn.dat
C:\Users\********\AppData\Roaming\inst.exe
C:\Windows\XSxS

.
((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 ))))))))))))))))))))))))))))))
.

2010-12-11 14:43:27 . 2010-12-11 14:43:31 -------- d-----w- C:\Users\********\AppData\Local\temp
2010-12-11 14:43:27 . 2010-12-11 14:43:27 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL
2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24
2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows
2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\********\AppData\Roaming\pcouffin.sys
2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\********\AppData\Roaming\Vso
2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll
2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll
2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe
2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll
2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552]
"BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336]
R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608]
R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.ftp - proxy.********.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.********.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.********.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.********.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.********.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NPSStartup - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-PMCLoader - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

Geändert von need.help (11.12.2010 um 16:43 Uhr)

Alt 11.12.2010, 16:08   #9
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



start programme zubehör editor, kopiere rein

Killall::
Folder::
C:\Program Files\windows


datei speichern unter, typ alle dateien, speicherort, dort wo sich combofix befindet.
mame: cfscript.txt
starte im abgesicherten modus, ziehe cfscript auf combofix, programm startet, log posten-
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2010, 16:42   #10
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Log File:


ComboFix 10-12-10.01 - ******* 11.12.2010 16:24:28.6.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00]
ausgeführt von:: C:\Users\*******\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Program Files\Internet Explorer\complete.dat
C:\Program Files\Internet Explorer\dmlconf.dat
C:\Users\*******\AppData\Roaming\avdrn.dat
C:\Users\*******\AppData\Roaming\inst.exe
C:\Windows\XSxS

.
((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 ))))))))))))))))))))))))))))))
.

2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp
2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL
2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24
2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows
2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys
2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso
2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll
2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll
2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe
2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll
2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-11_14.43.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiougc.exe
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiomig.dll
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiougc.exe
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiomig.dll
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe
+ 2010-12-11 14:52:31 . 2010-12-11 14:52:31 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 98392 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPKCLNT.SYS
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:48 85504 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPKCLNT.SYS
+ 2010-12-11 14:51:46 . 2010-12-11 14:51:46 31232 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22283_none_8839cdd01bef0fa3\tcpipreg.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 30720 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18160_none_87c2cfff02c3ebf2\tcpipreg.sys
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 84480 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 83968 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
+ 2007-11-02 09:04:26 . 2010-12-11 14:48:37 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-11-02 09:04:26 . 2010-12-11 14:23:09 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2010-12-11 14:48:39 72912 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-01 10:21:43 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-01 10:21:43 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-01 10:21:43 . 2010-12-11 15:20:14 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 10:21:43 . 2010-12-11 14:21:15 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 10:21:44 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 10:21:44 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-11 14:53:08 . 2010-12-11 14:53:08 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll
+ 2010-12-11 14:53:14 . 2010-12-11 14:53:14 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll
+ 2010-12-11 14:53:26 . 2010-12-11 14:53:26 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:30 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll
+ 2010-04-01 10:26:38 . 2010-12-11 14:48:39 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin
- 2010-04-01 10:26:38 . 2010-12-11 14:23:11 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin
+ 2010-12-11 14:52:08 . 2010-12-11 15:15:07 3388 C:\Windows\SoftwareDistribution\PostRebootEventCache\{33F1F29E-2055-4A0F-AAE3-E2BE882174E0}.bin
- 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2007-11-02 09:52:18 . 2010-12-11 14:20:04 3308 C:\Windows\bthservsdp.dat
+ 2007-11-02 09:52:18 . 2010-12-11 15:15:11 3308 C:\Windows\bthservsdp.dat
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpipcfg.dll
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:49 816640 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpipcfg.dll
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 813568 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 907832 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 904776 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
+ 2010-12-11 14:51:44 . 2010-12-11 14:51:44 900696 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
+ 2010-12-11 14:51:46 . 2010-12-11 14:51:46 897624 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys
+ 2010-12-11 14:51:41 . 2010-12-11 14:51:41 438272 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\IKEEXT.DLL
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 595456 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPUCLNT.DLL
+ 2010-12-11 14:51:40 . 2010-12-11 14:51:40 328704 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\BFE.DLL
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 416768 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\IKEEXT.DLL
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:48 543232 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPUCLNT.DLL
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 317440 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\BFE.DLL
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 220248 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22577_none_56e063cace9d90bd\netio.sys
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 214104 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21175_none_54f7faccd1790339\netio.sys
+ 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll
+ 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe
+ 2010-12-11 14:53:14 . 2010-12-11 14:53:14 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe
+ 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
- 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat
+ 2006-11-02 10:33:01 . 2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat
- 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat
+ 2006-11-02 15:33:31 . 2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat
- 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat
- 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat
+ 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe
+ 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe
+ 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
+ 2006-11-02 10:22:39 . 2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-11 15:24:02 . 2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat
+ 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552]
"BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048]
"NPSStartup"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336]
R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608]
R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.ftp - proxy.*******.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.*******.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.*******.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.*******.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.*******.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)

Alt 11.12.2010, 16:46   #11
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



ich brauch das ganze log der untere teil fehlt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2010, 16:54   #12
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



und dann gehts weiter.

Start progrmame zubehör editor, erstelle wieder ein neues combofix script.
*** durch nutzername ersetzen
killall::
Rootkit::
C:\Users\*******\AppData\Roaming\inst.exe
Folder::
C:\Users\*******\AppData\Roaming\Yctiop
C:\Users\*******\AppData\Roaming\Yctiop


wieder abspeichern wie das erste script, im abgesicherten modus starten und cfscript auf combofix ziehen, log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2010, 16:57   #13
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



OK.... das war die vollständige logfile...
oder welcher untere teil fehlt???

hier noch mal die log file - mehr hat er nicht ausgespuckt...



ComboFix 10-12-10.01 - ********* 11.12.2010 16:24:28.6.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00]
ausgeführt von:: C:\Users\******\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Program Files\Internet Explorer\complete.dat
C:\Program Files\Internet Explorer\dmlconf.dat
C:\Users\*******\AppData\Roaming\avdrn.dat
C:\Users\*******\AppData\Roaming\inst.exe
C:\Windows\XSxS

.
((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 ))))))))))))))))))))))))))))))
.

2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp
2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL
2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24
2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows
2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys
2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso
2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll
2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll
2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe
2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll
2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-11_14.43.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiougc.exe
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\netiomig.dll
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 22016 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiougc.exe
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 49152 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\netiomig.dll
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 11776 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe
+ 2010-12-11 14:52:31 . 2010-12-11 14:52:31 66048 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 14848 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 98392 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPKCLNT.SYS
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:48 85504 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPKCLNT.SYS
+ 2010-12-11 14:51:46 . 2010-12-11 14:51:46 31232 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22283_none_8839cdd01bef0fa3\tcpipreg.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 30720 C:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18160_none_87c2cfff02c3ebf2\tcpipreg.sys
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 84480 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 83968 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 24576 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
+ 2007-11-02 09:04:26 . 2010-12-11 14:48:37 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-11-02 09:04:26 . 2010-12-11 14:23:09 39158 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2010-12-11 14:48:39 72912 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-01 10:21:43 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-01 10:21:43 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-01 10:21:43 . 2010-12-11 15:20:14 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 10:21:43 . 2010-12-11 14:21:15 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 10:21:44 . 2010-12-11 14:21:15 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 10:21:44 . 2010-12-11 15:20:14 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-09 10:34:41 . 2010-12-11 14:21:07 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-09 10:34:41 . 2010-12-11 14:46:48 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-11 14:53:08 . 2010-12-11 14:53:08 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll
+ 2010-12-11 14:53:14 . 2010-12-11 14:53:14 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll
+ 2010-12-11 14:53:26 . 2010-12-11 14:53:26 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:30 7680 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 4096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll
+ 2010-04-01 10:26:38 . 2010-12-11 14:48:39 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin
- 2010-04-01 10:26:38 . 2010-12-11 14:23:11 6158 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3632718627-2461714518-3291536374-1000_UserData.bin
+ 2010-12-11 14:52:08 . 2010-12-11 15:15:07 3388 C:\Windows\SoftwareDistribution\PostRebootEventCache\{33F1F29E-2055-4A0F-AAE3-E2BE882174E0}.bin
- 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-11 14:21:00 . 2010-12-11 14:35:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-11 15:19:32 . 2010-12-11 15:19:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2007-11-02 09:52:18 . 2010-12-11 14:20:04 3308 C:\Windows\bthservsdp.dat
+ 2007-11-02 09:52:18 . 2010-12-11 15:15:11 3308 C:\Windows\bthservsdp.dat
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpipcfg.dll
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:49 816640 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 167424 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpipcfg.dll
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 813568 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 907832 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 904776 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
+ 2010-12-11 14:51:44 . 2010-12-11 14:51:44 900696 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
+ 2010-12-11 14:51:46 . 2010-12-11 14:51:46 897624 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys
+ 2010-12-11 14:53:38 . 2010-12-11 14:53:38 113664 C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys
+ 2010-12-11 14:51:41 . 2010-12-11 14:51:41 438272 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\IKEEXT.DLL
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 595456 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\FWPUCLNT.DLL
+ 2010-12-11 14:51:40 . 2010-12-11 14:51:40 328704 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\BFE.DLL
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 416768 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\IKEEXT.DLL
+ 2010-12-11 14:51:48 . 2010-12-11 14:51:48 543232 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\FWPUCLNT.DLL
+ 2010-12-11 14:51:47 . 2010-12-11 14:51:47 317440 C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\BFE.DLL
+ 2010-12-11 14:51:43 . 2010-12-11 14:51:43 220248 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22577_none_56e063cace9d90bd\netio.sys
+ 2010-12-11 14:51:49 . 2010-12-11 14:51:49 214104 C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21175_none_54f7faccd1790339\netio.sys
+ 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll
+ 2010-12-11 14:53:20 . 2010-12-11 14:53:20 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe
+ 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe
+ 2010-12-11 14:53:14 . 2010-12-11 14:53:14 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe
+ 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe
+ 2010-12-11 14:52:55 . 2010-12-11 14:52:55 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe
+ 2010-12-11 14:52:54 . 2010-12-11 14:52:54 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe
+ 2010-12-11 14:53:01 . 2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe
+ 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe
+ 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe
+ 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe
+ 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe
+ 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
+ 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
- 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat
+ 2006-11-02 10:33:01 . 2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat
- 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat
+ 2006-11-02 15:33:31 . 2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat
- 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat
- 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat
+ 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat
+ 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe
+ 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe
+ 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
+ 2006-11-02 10:22:39 . 2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-11 15:24:02 . 2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat
+ 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552]
"BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048]
"NPSStartup"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336]
R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608]
R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.ftp - proxy.*******.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.*******.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.*******.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.*******.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.*******.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)

Alt 11.12.2010, 17:00   #14
need.help
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



Habe noch eine Frage...
unter c:\ habe ich diverse neue verlinkungen durch die programme bekommen und viele dateien - unter anderem *.sys dateien, die mehr als 3 gb groß sind...?


www.image-upload.de/file/7Gcw54/bdc17d02f1.jpg


Führe jetzt den schritt durch, den du mir zuletzt genannt hast.

gruß und danke soweit

Geändert von need.help (11.12.2010 um 17:05 Uhr)

Alt 11.12.2010, 17:27   #15
markusg
/// Malware-holic
 
Google-Anfragen werden umgeleitet - Standard

Google-Anfragen werden umgeleitet



hmm merkwürdig das mit der log, erst mal säubern wir den pc dann kommt alles andere :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Google-Anfragen werden umgeleitet
.com, antivir, attackierende, bewusst, computer, forum, frage, fragen, freeware, klick, link, neu, nichts, problem, programme, seite, sicherheitseinstellungen, software, system, trojaner, umgeleitet, viren, webseite, webseiten, werbeseite




Ähnliche Themen: Google-Anfragen werden umgeleitet


  1. Rootkit Trojaner (Google-Anfragen werden weitergeleitet)
    Log-Analyse und Auswertung - 08.08.2013 (11)
  2. Google Verlinkungen werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (17)
  3. Google-Links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (22)
  4. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (6)
  5. Google Ergebnisse werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.09.2011 (6)
  6. Dringend! Google Links werden umgeleitet - OTL & GMER werden von Virus beendet
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (1)
  7. Google-Ergebnisse werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 08.04.2011 (23)
  8. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (18)
  9. Google Ergebnisse werden umgeleitet
    Log-Analyse und Auswertung - 22.11.2010 (9)
  10. Google Suchanfragen werden umgeleitet
    Log-Analyse und Auswertung - 17.11.2010 (19)
  11. Google Suchergebnisse werden umgeleitet
    Log-Analyse und Auswertung - 16.11.2010 (12)
  12. Seitenaufrufe aus Google werden umgeleitet
    Log-Analyse und Auswertung - 05.04.2010 (15)
  13. Google-Anfragen werden umgeleitet (eMule etc.)
    Log-Analyse und Auswertung - 30.05.2009 (3)
  14. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 14.05.2009 (0)
  15. Links in Google werden umgeleitet
    Log-Analyse und Auswertung - 26.12.2008 (1)
  16. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 09.09.2008 (5)
  17. Google links werden umgeleitet
    Log-Analyse und Auswertung - 02.10.2006 (4)

Zum Thema Google-Anfragen werden umgeleitet - Hallo, vorweg - bitte seid nachsichtig, ich bin neu hier im Forum, da ich dringends eure Hilfe benötige... Wie schon im Betreff angekündigt, werden jegliche Google-Suchanfragen zunächst aufgelistet und wenn - Google-Anfragen werden umgeleitet...
Archiv
Du betrachtest: Google-Anfragen werden umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.