| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Active Scan 2.0 findet Trj/Nabload.DMHWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.04.2011, 15:47
| #1 |
 |  Active Scan 2.0 findet Trj/Nabload.DMH Hallo, Avira hat mir vor einigen Tagen ein paar Viren angezeigt. Die hab ich in die Quarantäne verschoben. Nach nem weiteren Durchlauf hat Avira nichts mehr gefunden. Active Scan 2.0 zeigt mir aber wieder was an. Und Malware hat auch irgendwas angezeigt. Kann mir jemand sagen was da los ist? Hier das log-file von Avira: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 14. April 2011 21:21 Es wird nach 2560826 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ANNINA-PC Versionsinformationen: BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 22:46:05 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 22:46:05 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 20:16:39 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 18:30:08 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 17:04:08 VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 17:04:08 VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 17:04:08 VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 17:04:08 VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 17:04:08 VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 17:04:08 VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 17:04:08 VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 17:04:08 VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 17:04:08 VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 17:04:08 VBASE013.VDF : 7.11.6.28 158208 Bytes 11.04.2011 19:51:15 VBASE014.VDF : 7.11.6.74 116224 Bytes 13.04.2011 19:20:53 VBASE015.VDF : 7.11.6.113 137728 Bytes 14.04.2011 19:20:53 VBASE016.VDF : 7.11.6.114 2048 Bytes 14.04.2011 19:20:54 VBASE017.VDF : 7.11.6.115 2048 Bytes 14.04.2011 19:20:54 VBASE018.VDF : 7.11.6.116 2048 Bytes 14.04.2011 19:20:54 VBASE019.VDF : 7.11.6.117 2048 Bytes 14.04.2011 19:20:54 VBASE020.VDF : 7.11.6.118 2048 Bytes 14.04.2011 19:20:54 VBASE021.VDF : 7.11.6.119 2048 Bytes 14.04.2011 19:20:54 VBASE022.VDF : 7.11.6.120 2048 Bytes 14.04.2011 19:20:54 VBASE023.VDF : 7.11.6.121 2048 Bytes 14.04.2011 19:20:54 VBASE024.VDF : 7.11.6.122 2048 Bytes 14.04.2011 19:20:54 VBASE025.VDF : 7.11.6.123 2048 Bytes 14.04.2011 19:20:54 VBASE026.VDF : 7.11.6.124 2048 Bytes 14.04.2011 19:20:54 VBASE027.VDF : 7.11.6.125 2048 Bytes 14.04.2011 19:20:55 VBASE028.VDF : 7.11.6.126 2048 Bytes 14.04.2011 19:20:55 VBASE029.VDF : 7.11.6.127 2048 Bytes 14.04.2011 19:20:55 VBASE030.VDF : 7.11.6.128 2048 Bytes 14.04.2011 19:20:55 VBASE031.VDF : 7.11.6.129 2048 Bytes 14.04.2011 19:20:55 Engineversion : 8.2.4.208 AEVDF.DLL : 8.1.2.1 106868 Bytes 02.01.2005 22:17:58 AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 06.04.2011 15:12:52 AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 14:42:37 AESBX.DLL : 8.1.3.2 254324 Bytes 24.11.2010 14:42:37 AERDL.DLL : 8.1.9.9 639347 Bytes 26.03.2011 10:06:42 AEPACK.DLL : 8.2.6.0 549237 Bytes 09.04.2011 17:04:12 AEOFFICE.DLL : 8.1.1.20 205177 Bytes 06.04.2011 15:12:52 AEHEUR.DLL : 8.1.2.98 3441014 Bytes 14.04.2011 19:21:04 AEHELP.DLL : 8.1.16.1 246134 Bytes 04.02.2011 12:49:00 AEGEN.DLL : 8.1.5.4 397684 Bytes 06.04.2011 15:12:50 AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 14:42:34 AECORE.DLL : 8.1.20.2 196982 Bytes 09.04.2011 17:04:09 AEBB.DLL : 8.1.1.0 53618 Bytes 13.05.2010 15:56:33 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 10.0.3.2 53096 Bytes 03.11.2010 21:55:01 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 22:46:05 AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 22:46:04 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 03.11.2010 21:54:59 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Donnerstag, 14. April 2011 21:21 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_LOCAL_MACHINE\Software\DeterministicNetworks\DNE\Parameters\symboliclinkvalue [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORD.EXE' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'Acrobat.exe' - '173' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '136' Modul(e) wurden durchsucht Durchsuche Prozess 'SPMgr.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'Apntex.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'ApMsgFwd.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'FNPLicensingService.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'VzFw.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'VzCdbSvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSW.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'BtStackServer.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'stacsv.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlwriter.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlservr.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'KHALMNPR.EXE' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SetPoint.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'BTTray.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'realsched.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'BJMYPRT.EXE' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'Acrotray.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleDesktop.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'ISBMgr.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'Apoint.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'MSASCui.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'Switcher.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '150' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1698' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-1147eafb [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/LoadClass.A --> vload.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/LoadClass.A --> vmain.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.DU C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7e582e5-648993ee [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/LoadClass.A --> vload.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/LoadClass.A --> vmain.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.DU C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-37a3be72 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.2009-3867 --> vmain.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.2009-3867 Beginne mit der Desinfektion: C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-37a3be72 [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.2009-3867 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4834c654.qua' verschoben! C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7e582e5-648993ee [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.DU [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50a3e83e.qua' verschoben! C:\Users\Annina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-1147eafb [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.DU [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '012bb319.qua' verschoben! Ende des Suchlaufs: Donnerstag, 14. April 2011 23:10 Benötigte Zeit: 1:41:48 Stunde(n) Der Suchlauf wurde abgebrochen! 22240 Verzeichnisse wurden überprüft 454914 Dateien wurden geprüft 5 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 3 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 454909 Dateien ohne Befall 3965 Archive wurden durchsucht 0 Warnungen 3 Hinweise 757832 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden Malware: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6360 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 14.04.2011 15:44:22 mbam-log-2011-04-14 (15-44-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 335537 Laufzeit: 1 Stunde(n), 56 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
15.04.2011, 18:48
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Active Scan 2.0 findet Trj/Nabload.DMH Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
15.04.2011, 18:56
| #3 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Ja, gibt noch mehr. Sogar sehr viele mehr:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6345 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 12.04.2011 21:57:28 mbam-log-2011-04-12 (21-57-28).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158409 Laufzeit: 9 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6239 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01.04.2011 22:20:37 mbam-log-2011-04-01 (22-20-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 329386 Laufzeit: 1 Stunde(n), 48 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6239 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 01.04.2011 20:20:32 mbam-log-2011-04-01 (20-20-32).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 157586 Laufzeit: 7 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6136 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 22.03.2011 23:15:53 mbam-log-2011-03-22 (23-15-53).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 156494 Laufzeit: 9 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) reicht das erst mal? Da sind noch tausend andere... |
|
15.04.2011, 20:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Active Scan 2.0 findet Trj/Nabload.DMH Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.04.2011, 21:04
| #5 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Hier die logs:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.04.2011 21:58:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Annina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,76 Gb Total Space | 142,21 Gb Free Space | 52,91% Space Free | Partition Type: NTFS
Computer Name: ANNINA-PC | User Name: Annina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A3861D-C6E3-4493-A866-BD618A64FB45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{0B8A3E48-B58E-46AF-AA5B-98B41CA5DDDC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B3D162D-14FD-49D3-9710-AFD5A63EB375}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{502E95E2-51C2-4705-8522-AB0605324C84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68A37E38-E399-412D-B7D0-D990722FE5C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7560377E-FD51-4EB4-9579-D705AE5A3838}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7887E853-0E4F-499C-8E46-402D4B30A7AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{7EAC36C2-92E5-40CC-B802-EE0A88B53B43}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7F867030-CF2E-46B0-AC4D-D8B02A2EC9A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8E9D9D8B-E9DC-4B0D-8656-335C19F342C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{93CBFE9C-6427-4741-AC9D-F35EA6DE9FB8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{945B0C5E-F699-4861-BBCF-0285A4B08295}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{96751A25-C1B7-44F3-AE26-CAA51FA6243F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{AC536C05-6215-4DD7-9BF5-C1C6F488F3E9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{AF6203F0-0910-4219-B517-1B5F3FDE7602}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B1642060-D314-4AEA-ABA8-58F2E79FA002}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B2ECA96E-0CF8-4EDE-B593-6623FD9088A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B7462B2C-18EA-4709-A4C8-B5C144BADBD0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C0F8BE6F-50E1-4B33-A587-C89C53FE2617}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C62791D9-9A74-41C5-9EB3-EC9D883E83B1}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C9A4159A-3400-4FB6-B58A-81645F891375}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{CAD21E2B-6025-40A6-A703-C74CD3A13046}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{DC87F57B-3559-4FF5-B58B-A65576B12452}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFA910D6-AA87-486C-A107-D6A1A3C628D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5189368-E525-4648-84BA-226E7D2CC459}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{E7ECB7B7-28AD-4AA7-9972-62A6A115C468}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F8D826AD-4C30-496C-914E-2F57500E38C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{21FAB320-8831-497E-8413-71639EAD0BAC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{36F3BAA0-FCEC-4A77-8ED8-90BDD495B7A4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5F4114BD-3F3F-413E-90E4-0212C3B3710B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6225F5C5-776B-4191-AFA7-2D8515843392}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9432E71B-6AB2-4B3A-8146-2774CC70E395}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9C40C664-B7C8-4380-9B17-0853E2C985C9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B2E2A30A-2D88-46AC-A305-23A3822BA338}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{B4C9BC84-64A2-461F-ACFA-910EB3957B0F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{D385DCDB-0107-4E09-B7F3-BD94F2B61DD5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2DE66E86-45D4-4F42-BF19-096B871B7CCD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{61CC8300-EBBB-4FAD-AAF3-CDB221544019}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{62641FC4-2360-4E41-8C93-0BED0031AA76}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7EB4F92C-6E6A-41B1-AB5A-B7BA649B899C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{81B37C85-5F15-4168-9987-4D1AF50AD339}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B3B8082F-4D29-4D03-9A2E-90F0AB94D538}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CB56AFBF-9CBC-467C-9966-8EB1A8345881}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{CC17E8D5-BB7D-4A1F-BFBE-EDA0ED764309}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D42C51D2-C9F5-4117-9314-4E619819B6C9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B06FE058-3C46-40D1-9298-E43CB6CA35C9}" = Click to DVD Menu Data 1.0 for BD
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD BD 3.0.23
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" =
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eBay HTML" =
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU" = Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa 3" = Picasa 3
"PremElem30" = Adobe Premiere Elements 3.0.2
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.04.2010 04:00:05 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14071
Error - 15.04.2010 04:00:06 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.04.2010 04:00:06 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15070
Error - 15.04.2010 04:00:06 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15070
Error - 15.04.2010 05:24:41 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.04.2010 05:24:41 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1388
Error - 15.04.2010 05:24:41 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1388
Error - 15.04.2010 05:24:42 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.04.2010 05:24:42 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2511
Error - 15.04.2010 05:24:42 | Computer Name = Annina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2511
[ Cisco AnyConnect VPN Client Events ]
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::writeSocket File: .\IPC\SocketTransport.cpp
Line:
916 Invoked Function: internalWriteSocket Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::flushNetworkBio File: .\TlsProtocol.cpp Line:
973 Invoked Function: CSocketTransport::writeSocket Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::writeTunnel File: .\TlsProtocol.cpp Line: 399
Invoked
Function: flushNetworkBio Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::sendControlFrame File: .\CstpProtocol.cpp Line:
1592 Invoked Function: CSslProtocol::writeTunnel Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::sendCloseMessage File: .\CstpProtocol.cpp Line:
2403 Invoked Function: CCstpProtocol::sendControlFrame Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::terminateTunnel File: .\CstpProtocol.cpp Line:
502 Invoked Function: CCstpProtocol::sendCloseMessage Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::internalWriteSocket File: .\IPC\SocketTransport.cpp
Line:
1757 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::writeSocket File: .\IPC\SocketTransport.cpp
Line:
916 Invoked Function: internalWriteSocket Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::flushNetworkBio File: .\TlsProtocol.cpp Line:
987 Invoked Function: CSocketTransport::writeSocket Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE
Error - 15.04.2011 07:52:04 | Computer Name = Annina-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::terminateTunnel File: .\TlsProtocol.cpp Line:
435 Invoked Function: flushNetworkBio Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE
[ OSession Events ]
Error - 14.02.2011 17:07:04 | Computer Name = Annina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9872
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.04.2011 02:15:44 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.04.2011 02:16:34 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 14.04.2011 02:16:34 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.04.2011 06:16:14 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.04.2011 09:48:59 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 14.04.2011 09:48:59 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.04.2011 01:36:51 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 15.04.2011 01:36:51 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.04.2011 05:48:19 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 15.04.2011 05:48:19 | Computer Name = Annina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.04.2011 21:58:27 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Annina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 268,76 Gb Total Space | 142,21 Gb Free Space | 52,91% Space Free | Partition Type: NTFS Computer Name: ANNINA-PC | User Name: Annina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Annina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Annina\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (hcw66xxx) -- C:\Windows\System32\drivers\hcw66xxx.sys (Hauppauge Computer Works, Inc.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5 FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1 FF - prefs.js..network.proxy.backup.ftp: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "www-cache.uni-mannheim.de" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.16 22:14:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 21:49:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 21:49:29 | 000,000,000 | ---D | M] [2008.06.21 15:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annina\AppData\Roaming\mozilla\Extensions [2011.04.15 17:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\trrruo5j.default\extensions [2010.08.28 19:26:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\trrruo5j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.11 20:08:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\trrruo5j.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.05 09:29:34 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\trrruo5j.default\extensions\zotero@chnm.gmu.edu [2011.04.03 12:35:40 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\trrruo5j.default\extensions\zoteroWinWordIntegration@zotero.org [2009.03.27 22:13:23 | 000,004,140 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\trrruo5j.default\searchplugins\youtube.xml [2011.03.02 15:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.10.21 00:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 16:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.02 15:47:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.16 22:14:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2005.01.03 00:37:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2005.01.03 00:37:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2005.01.03 00:37:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2005.01.03 00:37:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2005.01.03 00:37:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Annina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Annina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{06982c9a-af5e-11de-9e9c-001bfb8cc560}\Shell\AutoRun\command - "" = WDSetup.exe O33 - MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\Shell\Auto\command - "" = msnmsgr_plus.exe O33 - MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe O33 - MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\Shell - "" = AutoRun O33 - MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\Shell\Auto\command - "" = msnmsgr_plus.exe O33 - MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.15 21:56:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Annina\Desktop\OTL.exe [2011.04.13 21:54:37 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 21:54:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 21:54:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.13 21:54:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 21:54:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 21:54:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.13 21:54:31 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 21:54:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 21:54:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.13 21:54:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.13 21:54:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.13 21:54:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.13 21:54:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.13 21:54:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.13 21:54:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.13 21:54:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.13 21:54:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.13 21:54:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.13 21:54:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.13 21:54:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 21:54:25 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 21:54:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 21:54:20 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 21:54:16 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 21:54:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.09 23:17:21 | 000,029,272 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll [2011.03.23 18:45:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 18:45:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll ========== Files - Modified Within 30 Days ========== [2011.04.15 21:57:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Annina\Desktop\OTL.exe [2011.04.15 21:47:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.15 21:47:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.15 21:19:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000UA.job [2011.04.15 21:11:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.15 18:12:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.15 16:57:39 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.15 11:48:05 | 000,236,110 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\nvModes.001 [2011.04.15 11:46:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.15 11:46:39 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2011.04.15 08:10:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.15 07:42:36 | 000,661,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.15 07:42:35 | 000,694,054 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.15 07:42:35 | 000,150,662 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.15 07:42:35 | 000,128,472 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.14 22:01:44 | 001,081,984 | ---- | M] () -- C:\Users\Annina\Desktop\Exploring Second Life.pdf [2011.04.14 12:15:44 | 000,337,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.13 22:52:40 | 000,418,121 | ---- | M] () -- C:\Users\Annina\Desktop\Performance Analysis of Random-Based Mobility Models in MANET Routing Protocol.pdf [2011.04.12 23:19:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000Core.job [2011.04.08 19:46:04 | 000,236,110 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\nvModes.dat [2011.03.25 16:20:01 | 000,002,047 | ---- | M] () -- C:\Users\Annina\Desktop\Google Chrome.lnk [2011.03.21 15:23:39 | 000,086,016 | ---- | M] () -- C:\Users\Annina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.20 17:10:33 | 129,683,196 | ---- | M] () -- C:\Users\Annina\Desktop\PROFESSIONal on Vimeo.mp4 [2011.03.19 00:17:02 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys ========== Files Created - No Company Name ========== [2011.04.14 22:01:43 | 001,081,984 | ---- | C] () -- C:\Users\Annina\Desktop\Exploring Second Life.pdf [2011.04.13 22:52:40 | 000,418,121 | ---- | C] () -- C:\Users\Annina\Desktop\Performance Analysis of Random-Based Mobility Models in MANET Routing Protocol.pdf [2011.03.20 17:09:20 | 129,683,196 | ---- | C] () -- C:\Users\Annina\Desktop\PROFESSIONal on Vimeo.mp4 [2010.09.08 22:43:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.16 20:43:13 | 000,000,760 | ---- | C] () -- C:\Users\Annina\AppData\Roaming\setup_ldm.iss [2010.05.12 10:49:25 | 000,000,036 | ---- | C] () -- C:\Users\Annina\AppData\Local\housecall.guid.cache [2010.01.13 19:17:03 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.01.13 19:17:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.11.14 17:06:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.11.13 22:56:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.13 22:56:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2008.06.24 19:42:29 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2008.06.24 19:41:37 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2008.06.24 19:40:31 | 000,032,825 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.24 19:40:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2008.06.24 19:39:15 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2008.06.24 19:39:13 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2008.06.24 19:38:04 | 000,004,529 | ---- | C] () -- C:\Windows\HCWPNP.INI [2008.06.22 16:29:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.03.28 21:24:40 | 000,086,016 | ---- | C] () -- C:\Users\Annina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.28 21:24:40 | 000,002,032 | ---- | C] () -- C:\Users\Annina\AppData\Local\d3d9caps.dat [2008.03.28 21:24:22 | 000,236,110 | ---- | C] () -- C:\Users\Annina\AppData\Roaming\nvModes.dat [2008.03.28 21:24:22 | 000,236,110 | ---- | C] () -- C:\Users\Annina\AppData\Roaming\nvModes.001 [2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.08.11 10:00:57 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.11 09:49:39 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007.08.11 09:42:02 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll [2007.07.20 15:34:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.07.20 15:29:30 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.06.22 10:34:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.06.11 13:09:39 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007.06.11 13:09:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2007.06.11 13:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2006.11.02 17:33:31 | 000,694,054 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,150,662 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,337,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,661,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,128,472 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report > |
|
15.04.2011, 21:13
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Active Scan 2.0 findet Trj/Nabload.DMH Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06982c9a-af5e-11de-9e9c-001bfb8cc560}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\Shell\Auto\command - "" = msnmsgr_plus.exe
O33 - MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe
O33 - MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\Shell\Auto\command - "" = msnmsgr_plus.exe
O33 - MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Active Scan 2.0 findet Trj/Nabload.DMH |
|
16.04.2011, 09:22
| #7 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Hier das logfile: All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06982c9a-af5e-11de-9e9c-001bfb8cc560}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06982c9a-af5e-11de-9e9c-001bfb8cc560}\ not found. File WDSetup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67b5b23d-9147-11dd-a47d-00059a3c7800}\ not found. File msnmsgr_plus.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67b5b23d-9147-11dd-a47d-00059a3c7800}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67b5b23d-9147-11dd-a47d-00059a3c7800}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ee3ef62-decd-11df-ac92-001bfb8cc560}\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\ not found. File msnmsgr_plus.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b37ad6be-d1e7-11dd-99b7-001bfb8cc560}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Annina ->Temp folder emptied: 87484973 bytes ->Temporary Internet Files folder emptied: 4354166 bytes ->Java cache emptied: 26506576 bytes ->FireFox cache emptied: 115971666 bytes ->Google Chrome cache emptied: 9723454 bytes ->Flash cache emptied: 6601 bytes User: Default ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 157 bytes User: Default User User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5420423 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 238,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04162011_101721 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
16.04.2011, 12:07
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Active Scan 2.0 findet Trj/Nabload.DMH Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.04.2011, 12:20
| #9 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Hab ich gemacht und das Teil hat nichts gefunden. 2011/04/16 13:18:08.0731 4956 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/16 13:18:09.0025 4956 ================================================================================ 2011/04/16 13:18:09.0025 4956 SystemInfo: 2011/04/16 13:18:09.0025 4956 2011/04/16 13:18:09.0025 4956 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/16 13:18:09.0025 4956 Product type: Workstation 2011/04/16 13:18:09.0025 4956 ComputerName: ANNINA-PC 2011/04/16 13:18:09.0026 4956 UserName: Annina 2011/04/16 13:18:09.0026 4956 Windows directory: C:\Windows 2011/04/16 13:18:09.0026 4956 System windows directory: C:\Windows 2011/04/16 13:18:09.0026 4956 Processor architecture: Intel x86 2011/04/16 13:18:09.0026 4956 Number of processors: 2 2011/04/16 13:18:09.0026 4956 Page size: 0x1000 2011/04/16 13:18:09.0026 4956 Boot type: Normal boot 2011/04/16 13:18:09.0026 4956 ================================================================================ 2011/04/16 13:18:09.0734 4956 Initialize success 2011/04/16 13:18:15.0500 4424 ================================================================================ 2011/04/16 13:18:15.0500 4424 Scan started 2011/04/16 13:18:15.0500 4424 Mode: Manual; 2011/04/16 13:18:15.0500 4424 ================================================================================ 2011/04/16 13:18:17.0033 4424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/16 13:18:17.0375 4424 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/16 13:18:17.0723 4424 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/16 13:18:17.0935 4424 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/16 13:18:18.0030 4424 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/16 13:18:18.0237 4424 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/16 13:18:18.0322 4424 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/04/16 13:18:18.0421 4424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/16 13:18:18.0587 4424 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/04/16 13:18:18.0660 4424 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/04/16 13:18:18.0731 4424 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/04/16 13:18:18.0815 4424 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/16 13:18:18.0979 4424 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/16 13:18:19.0260 4424 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/04/16 13:18:19.0532 4424 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/16 13:18:19.0686 4424 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/16 13:18:19.0814 4424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/16 13:18:19.0982 4424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/16 13:18:20.0512 4424 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/04/16 13:18:20.0804 4424 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/16 13:18:20.0990 4424 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/16 13:18:21.0261 4424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/16 13:18:21.0882 4424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/16 13:18:21.0979 4424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/16 13:18:22.0246 4424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/16 13:18:22.0486 4424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/16 13:18:22.0730 4424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/16 13:18:22.0892 4424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/16 13:18:23.0006 4424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/16 13:18:23.0699 4424 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/16 13:18:23.0836 4424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/16 13:18:23.0939 4424 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/16 13:18:24.0121 4424 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 2011/04/16 13:18:24.0272 4424 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/16 13:18:24.0416 4424 btwaudio (6ca69fa57cf251e890105923ad215b99) C:\Windows\system32\drivers\btwaudio.sys 2011/04/16 13:18:24.0515 4424 btwavdt (12b4a9afa82bfe5a7d8819bf7ae20601) C:\Windows\system32\drivers\btwavdt.sys 2011/04/16 13:18:24.0789 4424 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys 2011/04/16 13:18:24.0922 4424 btwrchid (d5e554f6c1a3baeb79daf9e1684f8102) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/04/16 13:18:25.0024 4424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/16 13:18:25.0143 4424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/16 13:18:25.0471 4424 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/16 13:18:25.0634 4424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/16 13:18:25.0795 4424 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/16 13:18:25.0918 4424 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/04/16 13:18:25.0999 4424 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/16 13:18:26.0189 4424 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/16 13:18:26.0434 4424 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/16 13:18:26.0693 4424 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys 2011/04/16 13:18:26.0887 4424 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\Windows\system32\Drivers\CVPNDRVA.sys 2011/04/16 13:18:27.0181 4424 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/16 13:18:27.0469 4424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/16 13:18:27.0581 4424 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys 2011/04/16 13:18:27.0743 4424 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys 2011/04/16 13:18:27.0877 4424 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/04/16 13:18:28.0005 4424 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/04/16 13:18:28.0245 4424 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/04/16 13:18:28.0366 4424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/16 13:18:28.0602 4424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/16 13:18:28.0822 4424 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/16 13:18:29.0060 4424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/16 13:18:29.0240 4424 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/16 13:18:29.0513 4424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/16 13:18:29.0617 4424 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/16 13:18:29.0726 4424 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/16 13:18:29.0820 4424 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/16 13:18:29.0916 4424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/16 13:18:30.0251 4424 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/16 13:18:30.0404 4424 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/16 13:18:30.0499 4424 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/16 13:18:30.0599 4424 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/16 13:18:30.0859 4424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/04/16 13:18:31.0131 4424 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys 2011/04/16 13:18:31.0350 4424 hcw66xxx (081c32475cfc1aa48e281d5d2dd24c68) C:\Windows\system32\Drivers\hcw66xxx.sys 2011/04/16 13:18:31.0724 4424 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/16 13:18:32.0004 4424 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/16 13:18:32.0294 4424 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/16 13:18:32.0354 4424 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/16 13:18:32.0672 4424 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/16 13:18:32.0867 4424 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/16 13:18:33.0221 4424 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/04/16 13:18:33.0688 4424 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/04/16 13:18:34.0010 4424 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/04/16 13:18:34.0198 4424 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/16 13:18:34.0571 4424 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/16 13:18:34.0867 4424 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/16 13:18:35.0088 4424 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys 2011/04/16 13:18:35.0499 4424 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/04/16 13:18:35.0741 4424 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/16 13:18:35.0857 4424 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/16 13:18:36.0053 4424 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/16 13:18:36.0142 4424 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/16 13:18:36.0286 4424 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/16 13:18:36.0377 4424 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/16 13:18:36.0491 4424 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/16 13:18:36.0602 4424 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/04/16 13:18:36.0669 4424 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/16 13:18:36.0707 4424 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/16 13:18:36.0795 4424 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/16 13:18:36.0902 4424 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/16 13:18:36.0989 4424 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/16 13:18:37.0080 4424 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/16 13:18:37.0282 4424 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/04/16 13:18:37.0362 4424 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/16 13:18:37.0430 4424 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/04/16 13:18:37.0499 4424 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/16 13:18:37.0638 4424 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/16 13:18:37.0704 4424 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/16 13:18:37.0780 4424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/16 13:18:37.0887 4424 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys 2011/04/16 13:18:37.0997 4424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/04/16 13:18:38.0103 4424 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/16 13:18:38.0192 4424 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/16 13:18:38.0304 4424 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/16 13:18:38.0365 4424 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/16 13:18:38.0429 4424 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/16 13:18:38.0514 4424 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/16 13:18:38.0643 4424 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/16 13:18:38.0906 4424 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/16 13:18:38.0989 4424 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/16 13:18:39.0106 4424 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/16 13:18:39.0202 4424 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/16 13:18:39.0320 4424 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/16 13:18:39.0365 4424 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/16 13:18:39.0414 4424 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/04/16 13:18:39.0495 4424 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/16 13:18:39.0578 4424 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/16 13:18:39.0648 4424 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/16 13:18:39.0715 4424 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/16 13:18:39.0786 4424 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/16 13:18:39.0842 4424 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/16 13:18:39.0947 4424 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/16 13:18:40.0020 4424 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/16 13:18:40.0135 4424 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/16 13:18:40.0305 4424 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/16 13:18:40.0406 4424 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/16 13:18:40.0499 4424 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/16 13:18:40.0667 4424 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/16 13:18:40.0758 4424 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/16 13:18:40.0839 4424 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/16 13:18:40.0914 4424 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/16 13:18:41.0044 4424 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/16 13:18:41.0112 4424 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/16 13:18:41.0377 4424 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/04/16 13:18:41.0567 4424 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/16 13:18:41.0684 4424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/16 13:18:41.0772 4424 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/16 13:18:41.0909 4424 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/16 13:18:42.0054 4424 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/16 13:18:42.0161 4424 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/16 13:18:42.0424 4424 nvlddmkm (39d8f5a92427c57309355199592ead9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/16 13:18:42.0695 4424 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/04/16 13:18:42.0789 4424 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/04/16 13:18:42.0873 4424 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/04/16 13:18:43.0130 4424 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/16 13:18:43.0246 4424 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/16 13:18:43.0314 4424 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/16 13:18:43.0372 4424 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/16 13:18:43.0467 4424 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys 2011/04/16 13:18:43.0547 4424 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/16 13:18:43.0650 4424 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2011/04/16 13:18:43.0788 4424 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/16 13:18:44.0036 4424 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/16 13:18:44.0335 4424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/16 13:18:44.0406 4424 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/16 13:18:44.0529 4424 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/16 13:18:44.0620 4424 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/04/16 13:18:44.0783 4424 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/16 13:18:44.0905 4424 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/16 13:18:45.0018 4424 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/16 13:18:45.0134 4424 R5U870FLx86 (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys 2011/04/16 13:18:45.0222 4424 R5U870FUx86 (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys 2011/04/16 13:18:45.0280 4424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/16 13:18:45.0363 4424 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/16 13:18:45.0479 4424 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/16 13:18:45.0571 4424 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/16 13:18:45.0684 4424 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/16 13:18:45.0777 4424 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/16 13:18:45.0893 4424 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/04/16 13:18:45.0954 4424 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/16 13:18:46.0085 4424 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/16 13:18:46.0215 4424 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 2011/04/16 13:18:46.0351 4424 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/16 13:18:46.0476 4424 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys 2011/04/16 13:18:46.0557 4424 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/16 13:18:46.0662 4424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/16 13:18:46.0803 4424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/16 13:18:46.0888 4424 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/16 13:18:46.0966 4424 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/04/16 13:18:47.0061 4424 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/16 13:18:47.0205 4424 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/04/16 13:18:47.0289 4424 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/16 13:18:47.0349 4424 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/16 13:18:47.0402 4424 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/16 13:18:47.0470 4424 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/04/16 13:18:47.0538 4424 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/16 13:18:47.0620 4424 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/16 13:18:47.0712 4424 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/16 13:18:47.0799 4424 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys 2011/04/16 13:18:47.0892 4424 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys 2011/04/16 13:18:47.0997 4424 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/16 13:18:48.0130 4424 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/04/16 13:18:48.0213 4424 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/16 13:18:48.0284 4424 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/16 13:18:48.0386 4424 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/16 13:18:48.0532 4424 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys 2011/04/16 13:18:48.0655 4424 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/16 13:18:48.0752 4424 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/16 13:18:48.0848 4424 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/16 13:18:48.0923 4424 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/16 13:18:49.0052 4424 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/16 13:18:49.0195 4424 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/16 13:18:49.0317 4424 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/16 13:18:49.0382 4424 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/16 13:18:49.0463 4424 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/16 13:18:49.0582 4424 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/16 13:18:49.0699 4424 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/16 13:18:49.0811 4424 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys 2011/04/16 13:18:50.0018 4424 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/16 13:18:50.0144 4424 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/16 13:18:50.0202 4424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/16 13:18:50.0292 4424 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/04/16 13:18:50.0383 4424 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/16 13:18:50.0485 4424 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/16 13:18:50.0602 4424 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/16 13:18:50.0695 4424 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/16 13:18:50.0778 4424 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/16 13:18:50.0858 4424 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/16 13:18:51.0020 4424 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/04/16 13:18:51.0135 4424 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/04/16 13:18:51.0226 4424 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/16 13:18:51.0357 4424 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/16 13:18:51.0420 4424 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/16 13:18:51.0524 4424 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/16 13:18:51.0592 4424 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/16 13:18:51.0708 4424 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/16 13:18:51.0781 4424 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/16 13:18:51.0866 4424 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/16 13:18:51.0942 4424 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/16 13:18:52.0094 4424 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/16 13:18:52.0310 4424 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/16 13:18:52.0394 4424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/16 13:18:52.0444 4424 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/04/16 13:18:52.0540 4424 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/16 13:18:52.0603 4424 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/04/16 13:18:52.0698 4424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/16 13:18:52.0785 4424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/16 13:18:52.0906 4424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/16 13:18:53.0033 4424 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys 2011/04/16 13:18:53.0134 4424 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/16 13:18:53.0263 4424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/16 13:18:53.0344 4424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/16 13:18:53.0361 4424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/16 13:18:53.0470 4424 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/16 13:18:53.0565 4424 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/16 13:18:53.0816 4424 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/04/16 13:18:53.0885 4424 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/04/16 13:18:54.0033 4424 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/04/16 13:18:54.0132 4424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/16 13:18:54.0260 4424 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/16 13:18:54.0312 4424 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/04/16 13:18:54.0419 4424 yukonwlh (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/04/16 13:18:54.0488 4424 ================================================================================ 2011/04/16 13:18:54.0488 4424 Scan finished 2011/04/16 13:18:54.0488 4424 ================================================================================ |
|
16.04.2011, 14:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Active Scan 2.0 findet Trj/Nabload.DMH Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.04.2011, 20:22
| #11 |
| | Active Scan 2.0 findet Trj/Nabload.DMH So, hier das nächste log: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-15.06 - Annina 16.04.2011 20:56:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1175 [GMT 2:00]
ausgeführt von:: c:\users\Annina\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-16 bis 2011-04-16 ))))))))))))))))))))))))))))))
.
.
2011-04-16 19:10 . 2011-04-16 19:10 -------- d-----w- c:\users\Annina\AppData\Local\temp
2011-04-16 19:10 . 2011-04-16 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-16 15:33 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-04-16 08:17 . 2011-04-16 08:17 -------- d-----w- C:\_OTL
2011-04-15 05:45 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E72616CA-AE58-43B3-A99A-145455A5229C}\mpengine.dll
2011-03-23 16:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 16:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 16:45 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 22:17 . 2010-01-04 14:23 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-11 15:45 . 2011-02-11 15:45 8952 ----a-w- c:\windows\system32\vpncategories.dll
2011-02-11 15:44 . 2011-02-11 15:44 28920 ----a-w- c:\windows\system32\vpnevents.dll
2011-02-02 20:40 . 2010-10-18 21:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-07 18:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-13 18:48 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-13 18:48 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-13 18:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-13 18:48 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-13 18:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-13 18:48 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-13 18:47 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-13 18:47 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-13 18:48 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-13 18:48 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-13 18:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-13 18:48 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-13 18:47 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-13 18:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-13 18:48 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-13 18:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-13 18:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-13 18:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-13 18:48 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-13 18:48 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-13 18:48 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-13 18:48 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-13 18:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-13 18:48 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-13 18:48 683008 ----a-w- c:\windows\system32\d2d1.dll
2010-08-22 10:29 . 2008-10-16 20:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-22 30192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-16 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-22 30192]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-02-27 418304]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 722288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-20 15:17]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:43]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:43]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000Core.job
- c:\users\Annina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 16:07]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000UA.job
- c:\users\Annina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 16:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\trrruo5j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.ftp - www-cache.uni-mannheim.de
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - www-cache.uni-mannheim.de
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - www-cache.uni-mannheim.de
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - www-cache.uni-mannheim.de
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - www-cache.uni-mannheim.de
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EPGServiceTool - c:\progra~1\WinTV\EPG Services\System\EPGClient.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-16 21:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5876)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2011-04-16 21:14:37
ComboFix-quarantined-files.txt 2011-04-16 19:14
.
Vor Suchlauf: 13 Verzeichnis(se), 150.949.425.152 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 150.857.482.240 Bytes frei
.
- - End Of File - - B179060A62DF5A8A3F8EA7C0A2440D59
|
|
17.04.2011, 20:13
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Active Scan 2.0 findet Trj/Nabload.DMH Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2011, 20:49
| #13 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Number 1, der Rest folgt sofort: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-17 21:48:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0041
Running: 1ecrf364.exe; Driver: C:\Users\Annina\AppData\Local\Temp\awdiqpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C606340, 0x3441C7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2100] kernel32.dll!SetUnhandledExceptionFilter 7733A84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019c1ea12d4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb1b08b1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb8cc560
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb1b08b1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb8cc560 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
|
|
17.04.2011, 21:08
| #14 |
| | Active Scan 2.0 findet Trj/Nabload.DMH Hab Online-Abfrage ausversehen auch gemacht. Hoffe das ist nicht schlimm? OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:06:42 on 17.04.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000Core.job" - "Google Inc." - C:\Users\Annina\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-4135678904-582703395-1593682083-1000UA.job" - "Google Inc." - C:\Users\Annina\AppData\Local\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Annina\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Annina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "googletalk" - "Google" - C:\Program Files\Google\Google Talk\googletalk.exe /autostart "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "hpf3l70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70v.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe "VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe "VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe "VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
17.04.2011, 21:09
| #15 |
| | Active Scan 2.0 findet Trj/Nabload.DMH MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Sony Corporation BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: Sony Corporation System Product Name: VGN-FZ21Z Logical Drives Mask: 0x0000003c Kernel Drivers (total 175): 0x82208000 \SystemRoot\system32\ntkrnlpa.exe 0x825C2000 \SystemRoot\system32\hal.dll 0x8060B000 \SystemRoot\system32\kdcom.dll 0x80612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80682000 \SystemRoot\system32\PSHED.dll 0x80693000 \SystemRoot\system32\BOOTVID.dll 0x8069B000 \SystemRoot\system32\CLFS.SYS 0x806DC000 \SystemRoot\system32\CI.dll 0x88006000 \SystemRoot\system32\drivers\Wdf01000.sys 0x88082000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8808F000 \SystemRoot\system32\drivers\acpi.sys 0x880D5000 \SystemRoot\system32\drivers\WMILIB.SYS 0x880DE000 \SystemRoot\system32\drivers\msisadrv.sys 0x880E6000 \SystemRoot\system32\drivers\pci.sys 0x8810D000 \SystemRoot\System32\drivers\partmgr.sys 0x8811C000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8811F000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x88129000 \SystemRoot\system32\drivers\volmgr.sys 0x88138000 \SystemRoot\System32\drivers\volmgrx.sys 0x88182000 \SystemRoot\system32\drivers\intelide.sys 0x88189000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x88197000 \SystemRoot\system32\DRIVERS\pcmcia.sys 0x881C4000 \SystemRoot\System32\drivers\mountmgr.sys 0x881D4000 \SystemRoot\system32\drivers\pavboot.sys 0x88203000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x882C1000 \SystemRoot\system32\drivers\atapi.sys 0x882C9000 \SystemRoot\system32\drivers\ataport.SYS 0x882E7000 \SystemRoot\system32\drivers\fltmgr.sys 0x88319000 \SystemRoot\system32\drivers\fileinfo.sys 0x88329000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x88332000 \SystemRoot\System32\Drivers\ksecdd.sys 0x88400000 \SystemRoot\system32\drivers\ndis.sys 0x8850B000 \SystemRoot\system32\drivers\msrpc.sys 0x88536000 \SystemRoot\system32\drivers\NETIO.SYS 0x88607000 \SystemRoot\System32\drivers\tcpip.sys 0x886F1000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8880F000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8891F000 \SystemRoot\system32\drivers\volsnap.sys 0x88958000 \SystemRoot\System32\Drivers\spldr.sys 0x88960000 \SystemRoot\system32\speedfan.sys 0x88962000 \SystemRoot\System32\Drivers\mup.sys 0x88971000 \SystemRoot\system32\giveio.sys 0x88972000 \SystemRoot\System32\drivers\ecache.sys 0x88999000 \SystemRoot\system32\drivers\disk.sys 0x889AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x889CB000 \SystemRoot\system32\drivers\crcdisk.sys 0x889E1000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x889EC000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x88800000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x889F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8C806000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8CED0000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8CF70000 \SystemRoot\System32\drivers\watchdog.sys 0x8CF7C000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8CF87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8CFC5000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x88571000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8D434000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x8D472000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8D482000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8D490000 \SystemRoot\system32\drivers\ti21sony.sys 0x8D55C000 \SystemRoot\System32\Drivers\SonyNC.sys 0x8D563000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8D576000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8D581000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0x8D5AA000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8D5B5000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8D5CD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0x8D5D3000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x887CA000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x883A3000 \SystemRoot\system32\DRIVERS\storport.sys 0x8D5F1000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8CFD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8D200000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x881DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8CFEB000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x883E4000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x807BC000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x807D1000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8D5FC000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8D801000 \SystemRoot\system32\DRIVERS\ks.sys 0x8D82B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8D835000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8D842000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8D877000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8D888000 \SystemRoot\system32\drivers\stwrt.sys 0x8D8DB000 \SystemRoot\system32\drivers\portcls.sys 0x8D908000 \SystemRoot\system32\drivers\drmk.sys 0x8D92D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x8F800000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x8F903000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x8F9B7000 \SystemRoot\system32\drivers\modem.sys 0x8F9C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8F9CD000 \SystemRoot\System32\Drivers\Null.SYS 0x8F9D4000 \SystemRoot\System32\Drivers\Beep.SYS 0x8F9E4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8F9EB000 \SystemRoot\System32\drivers\vga.sys 0x8D96A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8F9F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8D98B000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8F9DB000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8D9A2000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8D9AA000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8D9B5000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8D9C3000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8D9CC000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8D9E2000 \SystemRoot\system32\DRIVERS\smb.sys 0x8FE0D000 \SystemRoot\system32\drivers\afd.sys 0x8FE55000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8FE87000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8FE9D000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8FEAB000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8FEBE000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8FEC4000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8FF00000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8FF0A000 \SystemRoot\system32\DRIVERS\DMICall.sys 0x8FF0B000 \SystemRoot\System32\Drivers\dfsc.sys 0x8FF22000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8FF48000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x8FF4A000 \SystemRoot\System32\Drivers\R5U870FLx86.sys 0x8FF5D000 \SystemRoot\System32\Drivers\usbvideo.sys 0x8FF7E000 \SystemRoot\System32\Drivers\R5U870FUx86.sys 0x8FF89000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0x8FF8F000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8FF98000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8FFA8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x8FFAF000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8FFB7000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x8FFBF000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8870C000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x8FFCC000 \SystemRoot\system32\drivers\usbaudio.sys 0x994D0000 \SystemRoot\System32\win32k.sys 0x8FFDE000 \SystemRoot\System32\drivers\Dxapi.sys 0x8FFE8000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x9A009000 \SystemRoot\System32\Drivers\bthport.sys 0x9A089000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9A092000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9A0A1000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x9A0CA000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x9A0D4000 \SystemRoot\system32\DRIVERS\bthpan.sys 0x9A0EE000 \SystemRoot\system32\drivers\btwavdt.sys 0x9A15B000 \SystemRoot\system32\drivers\btwaudio.sys 0x9A1D7000 \SystemRoot\system32\DRIVERS\btwl2cap.sys 0x9A1E1000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0x996F0000 \SystemRoot\System32\TSDDD.dll 0x99710000 \SystemRoot\System32\cdd.dll 0x9A1E4000 \SystemRoot\system32\drivers\luafv.sys 0x807E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA0C06000 \SystemRoot\system32\drivers\spsys.sys 0xA0CB6000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA0CC6000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA0CF0000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA0CFA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA0D0D000 \SystemRoot\system32\drivers\HTTP.sys 0xA0D7A000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA0D97000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA0DB0000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA0DC5000 \SystemRoot\system32\drivers\mrxdav.sys 0xAAA0B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xAAA2A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xAAA63000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xAAA7B000 \SystemRoot\System32\DRIVERS\srv2.sys 0xAAAA3000 \SystemRoot\System32\DRIVERS\srv.sys 0xAAB0A000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0xAAB9A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0x8D20B000 \SystemRoot\system32\DRIVERS\NETw4v32.sys 0x8B006000 \SystemRoot\system32\drivers\peauth.sys 0x8B0E4000 \SystemRoot\system32\drivers\regi.sys 0x8B0E6000 \SystemRoot\System32\Drivers\secdrv.SYS 0x8B0F0000 \SystemRoot\System32\drivers\tcpipreg.sys 0x8B0FC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x8B111000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x8B123000 \SystemRoot\system32\DRIVERS\xaudio.sys 0x8B12B000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x77700000 \Windows\System32\ntdll.dll Processes (total 89): 0 System Idle Process 4 System 504 C:\Windows\System32\smss.exe 572 csrss.exe 636 C:\Windows\System32\wininit.exe 648 csrss.exe 680 C:\Windows\System32\services.exe 692 C:\Windows\System32\lsass.exe 700 C:\Windows\System32\lsm.exe 776 C:\Windows\System32\winlogon.exe 888 C:\Windows\System32\svchost.exe 968 C:\Windows\System32\svchost.exe 1020 C:\Windows\System32\svchost.exe 1100 C:\Windows\System32\svchost.exe 1128 C:\Windows\System32\svchost.exe 1140 C:\Windows\System32\svchost.exe 1272 C:\Windows\System32\audiodg.exe 1296 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\SLsvc.exe 1356 C:\Windows\System32\svchost.exe 1516 C:\Windows\System32\svchost.exe 1616 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 1792 C:\Windows\explorer.exe 1804 C:\Windows\System32\dwm.exe 1964 C:\Program Files\Apoint\Apoint.exe 1996 C:\Program Files\Sony\ISB Utility\ISBMgr.exe 2016 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe 216 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 356 C:\Windows\System32\rundll32.exe 364 C:\Windows\System32\rundll32.exe 536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 632 C:\Program Files\Real\RealPlayer\Update\realsched.exe 484 C:\Program Files\Common Files\Java\Java Update\jusched.exe 876 C:\Program Files\iTunes\iTunesHelper.exe 696 C:\Windows\ehome\ehtray.exe 952 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1164 C:\Windows\ehome\ehmsas.exe 1404 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 1476 C:\Program Files\Logitech\SetPoint\SetPoint.exe 1216 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe 380 C:\Windows\System32\spoolsv.exe 1092 C:\Program Files\Avira\AntiVir Desktop\sched.exe 576 C:\Windows\System32\taskeng.exe 1208 C:\Windows\System32\svchost.exe 2052 C:\Windows\System32\taskeng.exe 2416 C:\Windows\System32\taskeng.exe 2452 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe 2468 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe 2680 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2796 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2840 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2860 C:\Program Files\Bonjour\mDNSResponder.exe 2880 C:\Windows\System32\svchost.exe 2896 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 2944 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 3016 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 3100 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe 3204 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe 3360 C:\Windows\System32\svchost.exe 3472 C:\Windows\System32\svchost.exe 3488 C:\Windows\System32\svchost.exe 3516 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 3548 C:\Windows\System32\stacsv.exe 3596 C:\Windows\System32\svchost.exe 3632 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 3756 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe 3840 C:\Windows\System32\svchost.exe 3916 C:\Windows\System32\SearchIndexer.exe 4036 WUDFHost.exe 4044 C:\Windows\System32\drivers\XAudio.exe 2172 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 2388 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe 3256 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe 1248 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe 4300 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 4468 C:\Program Files\iPod\bin\iPodService.exe 4480 C:\Windows\System32\mobsync.exe 4888 C:\Program Files\Windows Media Player\wmplayer.exe 4980 C:\Program Files\Apoint\ApMsgFwd.exe 5156 C:\Program Files\Apoint\ApntEx.exe 5192 C:\Windows\System32\conime.exe 2152 C:\Windows\System32\svchost.exe 4656 C:\Program Files\Mozilla Firefox\firefox.exe 2992 taskeng.exe 3660 C:\Windows\System32\SearchProtocolHost.exe 5548 C:\Windows\System32\SearchFilterHost.exe 5672 dllhost.exe 6064 dllhost.exe 5048 C:\Users\Annina\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ac900000 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHX2300BT, Rev: 0041000B Size Device Name MBR Status -------------------------------------------- 279 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
|
| Themen zu Active Scan 2.0 findet Trj/Nabload.DMH |
| .dll, antivir, csrss.exe, desktop, explorer.exe, free, google, log-file, lsass.exe, malware, microsoft, modul, namen, nt.dll, programm, prozesse, registry, rundll, rundll32.exe, scan, sched.exe, services.exe, software, svchost.exe, verweise, viren, virus gefunden, windows, winlogon.exe |
Linear-Darstellung
