Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.04.2011, 18:29   #1
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Hallo,

habe wie viele hier den TR/Kazy.mekml.1 auf dem laptop. hoffe es kann mir jemand helfen, habe den OTL-scan bereits durchgeführt, wie hier von "markusg" beschrieben:

Zitat:
Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
OTL.txt:

Code:
ATTFilter
OTL logfile created on: 24.04.2011 18:59:05 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Chico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 5,91 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
Drive D: | 39,60 Gb Total Space | 21,60 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive F: | 618,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NAME-4FA6E57B07 | User Name: Chico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe (WinTrust)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCL40.DLL (Symantec Corporation)
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\AntiSpam\asOEHook.dll (Symantec Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ContentMgrService) -- C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccISPwdSvc) -- C:\Programme\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Norton Internet Security\comHost.exe (Symantec Corporation)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20110312.001\SymIDSCo.sys (Symantec Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (SSHDRV86) -- C:\WINDOWS\system32\drivers\SSHDRV86.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (PTV337) -- C:\WINDOWS\system32\drivers\PTV337.SYS ()
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..network.proxy.http: "204.8.155.227"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.08.28 20:36:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011.04.24 16:05:58 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.25 13:58:31 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.25 13:58:31 | 000,000,000 | -H-D | M]
 
[2008.12.25 23:49:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Extensions
[2011.04.24 16:57:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions
[2011.04.22 13:24:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.27 21:44:42 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.11 14:54:30 | 000,000,000 | -H-D | M] (Mein Gutscheincode Finder) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\finder@meingutscheincode.de
[2011.01.26 21:42:18 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\firefox@tvunetworks.com
[2010.03.08 19:30:38 | 000,000,000 | -H-D | M] (Personas) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\personas@christopher.beard
[2010.09.11 14:13:26 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\vshare@toolbar
[2010.10.01 13:24:45 | 000,000,873 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\searchplugins\conduit.xml
[2009.02.27 21:44:38 | 000,003,915 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\searchplugins\sweetim.xml
[2011.04.24 16:57:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.14 19:02:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 14:19:12 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.24 16:05:58 | 000,000,000 | -H-D | M] (ZoneAlarm Security Engine) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010.11.14 19:02:20 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.08.09 12:16:08 | 000,030,408 | -H-- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.11.06 01:35:04 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.06 01:35:04 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.06 01:35:04 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.06 01:35:05 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.06 01:35:05 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISUSPM Startup]  File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008..\Run: [dAmLSTWYyWMb] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe (WinTrust)
O4 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MediaTV Monitor.lnk = C:\Programme\ADS Tech\MediaTV\MediaTVMonitor.exe (ADS Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: bk-giulini.com ([owa] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: bk-giulini.com ([www.owa] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.07.15 20:57:36 | 000,544,768 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.07.12 00:46:10 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2004.10.22 11:35:40 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.12 15:28:08 | 000,000,076 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\Shell\AutoRun\command - "" = H:\WDSetup.exe
O33 - MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun\command - "" = F:\Madden04.exe -- [2003.07.06 01:39:04 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Gemeinsame Dateien\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65034330371522560)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 19:03:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Chico\Recent
[2011.04.24 18:53:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Malwarebytes
[2011.04.24 18:53:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 18:53:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:53:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 18:53:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 18:53:22 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:52:26 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.24 17:09:57 | 000,066,896 | -H-- | C] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-clean.exe
[2011.04.24 16:22:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.24 16:06:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\ForceField Shared Files
[2011.04.24 16:06:04 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2011.04.24 16:05:37 | 000,000,000 | -H-D | C] -- C:\Programme\CheckPoint
[2011.04.24 16:05:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm
[2011.04.24 16:05:26 | 000,046,592 | -H-- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2011.04.24 16:05:24 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011.04.24 16:05:21 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011.04.24 16:05:21 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011.04.24 16:05:15 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011.04.24 16:05:13 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011.04.24 16:05:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011.04.24 16:05:13 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011.04.24 16:05:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011.04.24 16:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011.04.24 16:05:11 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011.04.24 16:05:10 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2011.04.24 16:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011.04.24 16:04:25 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011.04.24 16:04:25 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011.04.24 16:04:25 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011.04.23 14:16:12 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe
[2011.04.23 13:21:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Desktop\desktop
[2011.04.23 11:28:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Windows Recovery
[2011.04.23 11:17:53 | 000,569,344 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe
[2011.04.13 20:01:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\MVP Baseball 2005
[2011.04.12 17:53:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.04.12 17:52:55 | 000,000,000 | -H-D | C] -- C:\Programme\MSBuild
[2011.04.12 17:52:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\en-US
[2011.04.12 17:52:40 | 000,000,000 | -H-D | C] -- C:\Programme\Reference Assemblies
[2011.04.12 17:51:58 | 000,597,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.04.12 17:51:58 | 000,575,488 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.04.12 17:51:58 | 000,117,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.04.12 17:51:58 | 000,089,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.04.12 17:51:57 | 001,676,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.04.12 17:51:57 | 001,676,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.04.11 15:03:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.04.11 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Greenshot
[2011.04.11 15:03:09 | 000,000,000 | -H-D | C] -- C:\Programme\Greenshot
[2011.04.11 14:54:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2011.04.11 14:54:38 | 000,000,000 | -H-D | C] -- C:\Programme\Conduit
[2011.04.11 14:54:37 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Winload
[2011.04.11 14:54:35 | 000,000,000 | -H-D | C] -- C:\Programme\Winload
[2011.04.01 22:00:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\Madden NFL 2004
[2011.04.01 20:31:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\NBA Live 2003
[2011.04.01 20:21:59 | 000,000,000 | -H-D | C] -- C:\Programme\EA SPORTS
[2008.08.29 20:17:03 | 025,842,760 | -H-- | C] (Microsoft Corporation) -- C:\Programme\wmp11-windowsxp-x86-DE-DE.exe
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 18:53:32 | 000,000,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:52:24 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.24 18:46:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:46:50 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 18:27:33 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756
[2011.04.24 18:27:30 | 000,487,424 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756.exe
[2011.04.24 18:26:01 | 048,132,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_105_000_de.exe
[2011.04.24 17:27:54 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012
[2011.04.24 17:09:52 | 000,066,896 | -H-- | M] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-clean.exe
[2011.04.24 16:46:19 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.24 16:06:39 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.04.24 16:05:34 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.04.24 16:05:33 | 000,000,715 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\ZoneAlarm Security.lnk
[2011.04.24 15:42:52 | 048,045,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_058_000_de.exe
[2011.04.23 14:16:10 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe
[2011.04.23 11:49:18 | 000,045,378 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.23 11:27:52 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404
[2011.04.23 11:17:50 | 000,569,344 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe
[2011.04.22 11:06:50 | 000,481,976 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.22 11:06:50 | 000,459,288 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.22 11:06:50 | 000,094,816 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.22 11:06:50 | 000,078,942 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.16 12:54:03 | 000,285,312 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 12:47:38 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.13 20:54:10 | 000,001,724 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MVP Baseball 2005.lnk
[2011.04.05 16:53:17 | 000,056,832 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.01 21:32:55 | 000,001,721 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Madden NFL 2004.lnk
[2011.04.01 21:24:15 | 000,001,383 | -H-- | M] () -- C:\WINDOWS\eReg.dat
[2011.04.01 20:25:56 | 000,001,688 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NBA Live 2003.lnk
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:53:32 | 000,000,760 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:27:33 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756
[2011.04.24 18:27:30 | 000,487,424 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756.exe
[2011.04.24 18:24:28 | 048,132,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_105_000_de.exe
[2011.04.24 17:27:54 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012
[2011.04.24 16:05:34 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.04.24 16:05:33 | 000,000,715 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\ZoneAlarm Security.lnk
[2011.04.24 16:05:11 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.04.24 16:04:15 | 048,045,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_058_000_de.exe
[2011.04.23 11:27:52 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404
[2011.04.13 19:47:21 | 000,001,724 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MVP Baseball 2005.lnk
[2011.04.01 21:32:55 | 000,001,721 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Madden NFL 2004.lnk
[2011.04.01 20:25:56 | 000,001,688 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NBA Live 2003.lnk
[2011.01.03 21:10:34 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2010.11.05 16:50:59 | 000,162,432 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2010.11.05 16:50:58 | 000,012,032 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2010.03.19 15:37:37 | 000,281,760 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.19 15:37:36 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.12.20 18:52:46 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2008.12.25 23:49:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008.10.15 21:29:39 | 000,000,009 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\mdb.bin
[2008.09.17 19:05:18 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.28 20:31:29 | 009,960,408 | -H-- | C] () -- C:\Programme\Videoload_Manager_Setup_1.0.1514.exe
[2008.08.16 13:48:22 | 000,056,832 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.01 22:34:42 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.01.04 22:09:22 | 000,081,408 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2007.12.30 10:38:45 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007.12.30 10:37:39 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.01.29 12:16:34 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.19 21:15:26 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006.10.30 13:26:36 | 000,184,064 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PTV337.SYS
[2006.10.29 15:57:10 | 000,001,383 | -H-- | C] () -- C:\WINDOWS\eReg.dat
[2006.04.27 06:09:58 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.04.27 06:00:57 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006.04.27 05:57:55 | 000,000,143 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006.03.17 14:18:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.17 11:49:15 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.03.17 11:49:15 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.03.17 11:49:15 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.03.17 11:49:15 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.03.17 11:49:15 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.03.17 11:49:15 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.03.17 11:41:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006.03.17 11:40:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006.03.16 16:08:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.03.16 16:02:07 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.03.16 15:54:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.03.16 15:54:05 | 000,285,312 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.03.16 07:48:19 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.03.16 07:48:10 | 000,004,152 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.03.16 07:47:56 | 000,481,976 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.03.16 07:47:56 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.03.16 07:47:56 | 000,094,816 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.03.16 07:47:56 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.03.16 07:47:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.03.16 07:47:18 | 000,459,288 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.03.16 07:47:18 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.03.16 07:47:18 | 000,078,942 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.03.16 07:47:18 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.03.16 07:47:16 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.03.16 07:47:16 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.03.16 07:47:15 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.03.16 07:47:09 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.03.16 07:47:09 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.03.16 07:46:59 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.03.16 07:46:52 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.11.01 10:53:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005.08.05 15:26:04 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[1998.03.25 21:12:00 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\vbzlib.dll
 
========== LOP Check ==========
 
[2008.03.13 04:36:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2008.08.28 20:36:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2010.04.06 17:15:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2008.08.28 20:36:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2009.02.27 21:44:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2008.08.16 14:04:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2011.04.24 16:06:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2010.07.19 23:42:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Games
[2011.04.11 15:03:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.01.24 23:50:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\gtk-2.0
[2008.09.25 02:44:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ
[2008.08.17 16:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ Toolbar
[2008.08.09 13:52:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\InterVideo
[2010.05.19 16:27:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Leadertech
[2008.11.16 23:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\OpenOffice.org
[2011.04.07 20:15:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\PriceGong
[2011.03.19 22:54:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ScummVM
[2008.08.17 14:05:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SmartSurfer
[2008.09.21 22:18:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony
[2008.08.16 14:06:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\T-Online
[2008.10.28 21:40:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEB.DE
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEBDE
[2008.08.13 18:17:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SmartSurfer
[2007.01.07 17:32:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.05.01 16:10:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Adobe
[2008.08.24 20:18:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\AdobeUM
[2008.08.01 22:35:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ArcSoft
[2010.05.05 22:23:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Avira
[2011.04.24 16:06:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2011.03.20 00:04:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\dvdcss
[2010.07.19 23:42:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Games
[2008.08.16 17:44:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Google
[2011.04.11 15:03:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.01.24 23:50:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\gtk-2.0
[2008.09.25 02:44:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ
[2008.08.17 16:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ Toolbar
[2006.03.16 16:06:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Identities
[2008.08.09 13:52:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\InterVideo
[2010.05.19 16:27:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Leadertech
[2010.01.18 01:28:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Macromedia
[2011.04.24 18:53:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Malwarebytes
[2011.02.25 16:50:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft
[2008.12.25 23:49:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla
[2008.11.16 23:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\OpenOffice.org
[2011.04.07 20:15:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\PriceGong
[2011.03.19 22:54:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ScummVM
[2010.05.19 16:30:27 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SecuROM
[2008.08.17 14:05:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SmartSurfer
[2008.09.21 22:18:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony
[2008.11.23 16:47:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Sony Corporation
[2008.11.10 18:57:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Sun
[2008.08.16 14:06:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\T-Online
[2010.06.10 22:48:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\vlc
[2008.10.28 21:40:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEB.DE
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEBDE
[2010.01.18 12:47:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.11.05 16:50:57 | 000,010,134 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
[2010.11.05 16:50:57 | 000,004,286 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
[2010.11.05 16:50:58 | 000,008,854 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_125f4299.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_23282bdc.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_2d9c7675.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_336a1ea6.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_3b7168ec.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_3eba2d5d.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_4a0d7d39.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_4a284e1.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_5bbf367c.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_68476603.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_6f9a65a9.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_71196d74.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_779c5be5.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_7fd2260b.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_8a42c42.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_c8d278f.exe
[2005.02.13 18:22:00 | 001,178,540 | -H-- | M] (Sony ITE                                                                                                                                                                                                                 ) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\npm.exe
[2005.10.10 22:12:00 | 003,933,908 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_de.exe
[2005.10.10 22:12:00 | 003,943,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_en.exe
[2005.10.10 22:12:00 | 003,939,540 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_es.exe
[2005.10.10 22:12:00 | 003,942,068 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_fr.exe
[2005.10.10 22:12:00 | 003,938,964 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_it.exe
[2005.10.10 22:08:00 | 003,942,708 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_nl.exe
[2005.10.10 22:06:00 | 003,357,076 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_de.exe
[2005.10.10 22:07:00 | 003,362,060 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_en.exe
[2005.10.10 22:07:00 | 003,355,524 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_es.exe
[2005.10.10 22:07:00 | 003,356,780 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_fr.exe
[2005.10.10 22:07:00 | 003,356,484 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_it.exe
[2005.10.10 22:06:00 | 003,357,324 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_nl.exe
[2004.12.01 11:00:00 | 000,405,504 | -H-- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\tools\PcName.exe
[2005.10.13 13:16:26 | 001,922,580 | -H-- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\update\update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.10 14:00:00 | 017,006,491 | RH-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.10 14:00:00 | 017,006,491 | RH-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.14 01:07:41 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=4C5B48AB9179DE15A7B6A48DC8E56121 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.03.16 16:53:32 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.03.16 16:53:32 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.03.16 16:53:32 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         

Alt 24.04.2011, 18:30   #2
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 24.04.2011 18:59:05 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Chico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 5,91 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
Drive D: | 39,60 Gb Total Space | 21,60 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive F: | 618,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NAME-4FA6E57B07 | User Name: Chico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Avira\AntiVir Desktop\update.exe" = C:\Programme\Avira\AntiVir Desktop\update.exe:*:Enabled:update -- (Avira GmbH)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server -- ()
"C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Avira AntiVir Personal starten
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Programme\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:mbamgui -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.dll" = C:\Programme\Malwarebytes' Anti-Malware\mbam.dll:*:Enabled:mbam.dll -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe:*:Enabled:mbamservice -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" = C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll:*:Enabled:mbamext.dll -- (Malwarebytes Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref:*:Enabled:rules.ref -- ()
"C:\WINDOWS\system32\drivers\mbam.sys" = C:\WINDOWS\system32\drivers\mbam.sys:*:Enabled:mbam -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\drivers\mbamswissarmy.sys" = C:\WINDOWS\system32\drivers\mbamswissarmy.sys:*:Enabled:mbamswissarmy -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{16E43D5F-5296-4D53-B303-9D951AFE510F}" = Airline Tycoon Evolution
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5549C19D-46FE-4975-AD54-5B37E87FF6E2}" = SweetIM for Messenger 2.6
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}" = NBA Live 2003
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{AD8C0C77-7BBF-4CE7-89B7-DB95AFBE2708}" = ADS Tech MediaTV
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C2FCB62F-D79F-4395-009C-A703AC9FB64F}" = Madden NFL 2004
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio
"{F9BB1E62-F290-427E-9480-993101301EC8}" = Mini DigitalTV USB
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine 
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Greenshot_is1" = Greenshot
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"Jagged Alliance 2" = Jagged Alliance 2
"Leisure Suit Larry 2 Point and Click" = Leisure Suit Larry 2 Point and Click
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Picasa2" = Picasa 2
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ScummVM Tools_is1" = ScummVM Tools 1.2.0
"ScummVM_is1" = ScummVM 1.2.1
"SopCast" = SopCast 3.2.4
"Stacked with Daniel Negreanu_is1" = Stacked 1.1
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"The Westerner_is1" = The Westerner 1.3
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VERMEER" = VERMEER
"Videoload Manager" = Videoload Manager 1.0.1514
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe_is1" = Zuma Deluxe
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2011 11:53:27 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752570
Description = 
 
Error - 23.04.2011 11:53:27 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752567
Description = 
 
Error - 24.04.2011 09:42:56 | Computer Name = NAME-4FA6E57B07 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 18472756.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 24.04.2011 09:51:19 | Computer Name = NAME-4FA6E57B07 | Source = MBAMService | ID = 131073
Description = 
 
Error - 24.04.2011 09:53:15 | Computer Name = NAME-4FA6E57B07 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4095, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.04.2011 09:53:37 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752570
Description = 
 
Error - 24.04.2011 09:53:37 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752567
Description = 
 
Error - 24.04.2011 10:33:19 | Computer Name = NAME-4FA6E57B07 | Source = MsiInstaller | ID = 11922
Description = Product: SPBBC -- Error 1922.Service Symantec SPBBCSvc (SPBBCSvc) 
could not be deleted.  Verify that you have sufficient privileges to remove system
 services.
 
Error - 24.04.2011 10:34:48 | Computer Name = NAME-4FA6E57B07 | Source = MsiInstaller | ID = 11922
Description = Product: SPBBC -- Error 1922.Service Symantec SPBBCSvc (SPBBCSvc) 
could not be deleted.  Verify that you have sufficient privileges to remove system
 services.
 
Error - 24.04.2011 11:43:08 | Computer Name = NAME-4FA6E57B07 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 19849012.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 23.04.2011 07:56:33 | Computer Name = NAME-4FA6E57B07 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 23.04.2011 09:27:04 | Computer Name = NAME-4FA6E57B07 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SI3132
 
Error - 23.04.2011 09:27:08 | Computer Name = NAME-4FA6E57B07 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.04.2011 11:14:45 | Computer Name = NAME-4FA6E57B07 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht
 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware
 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere
 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene
 Transaktion durchzuführen.
 
Error - 24.04.2011 11:16:03 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ     :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 11:23:02 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ     :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 11:28:12 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ     :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 12:17:53 | Computer Name = NAME-4FA6E57B07 | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
 "\Device\NetBT_Tcpip_{5AEFB258-B610-4F09-8DD2-E0D6F7C171D6}" zu oft fehl.  Der Sicherungssuchdienst
 wird beendet.
 
Error - 24.04.2011 12:23:54 | Computer Name = NAME-4FA6E57B07 | Source = PlugPlayManager | ID = 12
Description = Das Gerät "SONY DVD RW DW-G520A" (IDE\CdRomSONY_DVD_RW_DW-G520A____________________GFS2____\5&1fd6619f&0&0.0.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 24.04.2011 12:53:10 | Computer Name = NAME-4FA6E57B07 | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
 "\Device\NetBT_Tcpip_{5AEFB258-B610-4F09-8DD2-E0D6F7C171D6}" zu oft fehl.  Der Sicherungssuchdienst
 wird beendet.
 
 
< End of report >
         
habe jetzt mal noch Malwarebytes drüber laufen lassen und unhide.exe ausgeführt. dateien sind wieder sichtbar und ich bekomme keine fehlermeldungen mehr.
kann mir bitte jemand helfen, wie ich jetzt weiter verfahren muss, oder bin ich den virus schon los. danke!

malwarebytes-log:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6433
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
 
25.04.2011 00:19:28
mbam-log-2011-04-25 (00-19-28).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 267827
Laufzeit: 1 Stunde(n), 39 Minute(n), 19 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
 
Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\damlstwyywmb.exe (Trojan.FakeAlert) -> 3724 -> Unloaded process successfully.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dAmLSTWYyWMb (Trojan.FakeAlert) -> Value: dAmLSTWYyWMb -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\damlstwyywmb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\18472756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Chico\Desktop\ultrasurf.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
         
__________________


Alt 25.04.2011, 15:05   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________

Alt 25.04.2011, 17:35   #4
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



hallo arne,

hier noch ein aktueller log von eben. davor hab ich keine:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6440

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

25.04.2011 18:24:44
mbam-log-2011-04-25 (18-24-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268529
Laufzeit: 3 Stunde(n), 31 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\WinRAR\Zip.SFX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
         
hab in einem anderen thread gelesen, dass zonealarm nicht gut wär, kann ich das also gleich wieder runterlöschen? reicht die windows-firewall alleine aus, oder benötigt man noch zusätzliche programme.


gruß - john

PS: sorry für den ersten strang, da hatte ich noch das problem, dass das updaten von Malwarebytes nicht funktioniert hat, hat sich aber erledigt.

Alt 25.04.2011, 20:23   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Behalt nur die Windows-Firewall, andere Software-Firewalls sind kontraproduktiv.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.07.15 20:57:36 | 000,544,768 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.07.12 00:46:10 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2004.10.22 11:35:40 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.12 15:28:08 | 000,000,076 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\Shell\AutoRun\command - "" = H:\WDSetup.exe
O33 - MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun\command - "" = F:\Madden04.exe -- [2003.07.06 01:39:04 | 000,172,032 | R--- | M] ()
FF - prefs.js..network.proxy.http: "204.8.155.227"
FF - prefs.js..network.proxy.http_port: 3127
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.04.2011, 23:01   #6
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



alles klar, hier der log:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRunGUI.dll scheduled to be moved on reboot.
File  not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3338d706-1b70-11de-bb2b-0013a90a57fc}\ not found.
File G:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\ not found.
File H:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a264a37f-f5f4-11de-bd39-001302adddf7}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
File move failed. F:\Madden04.exe scheduled to be moved on reboot.
Prefs.js: "204.8.155.227" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012 moved successfully.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~* not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Chico
->Temp folder emptied: 349777317 bytes
->Temporary Internet Files folder emptied: 69885286 bytes
->Java cache emptied: 19070672 bytes
->FireFox cache emptied: 113654996 bytes
->Flash cache emptied: 532714 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 1130728 bytes
->Temporary Internet Files folder emptied: 58690 bytes
->Flash cache emptied: 348 bytes
 
User: NetworkService
->Temp folder emptied: 2130344 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4551933 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25995865 bytes
RecycleBin emptied: 5679 bytes
 
Total Files Cleaned = 560,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_234117

Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Madden04.exe scheduled to be moved on reboot.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!

Registry entries deleted on Reboot...
         

Alt 26.04.2011, 11:01   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.04.2011, 14:22   #8
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



hier der log vom tdsskiller (kein fund angezeigt):
Code:
ATTFilter
2011/04/26 12:48:48.0750 3848	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/26 12:48:48.0796 3848	================================================================================
2011/04/26 12:48:48.0796 3848	SystemInfo:
2011/04/26 12:48:48.0796 3848	
2011/04/26 12:48:48.0796 3848	OS Version: 5.1.2600 ServicePack: 3.0
2011/04/26 12:48:48.0796 3848	Product type: Workstation
2011/04/26 12:48:48.0796 3848	ComputerName: NAME-4FA6E57B07
2011/04/26 12:48:48.0796 3848	UserName: Chico
2011/04/26 12:48:48.0796 3848	Windows directory: C:\WINDOWS
2011/04/26 12:48:48.0796 3848	System windows directory: C:\WINDOWS
2011/04/26 12:48:48.0796 3848	Processor architecture: Intel x86
2011/04/26 12:48:48.0796 3848	Number of processors: 2
2011/04/26 12:48:48.0796 3848	Page size: 0x1000
2011/04/26 12:48:48.0796 3848	Boot type: Normal boot
2011/04/26 12:48:48.0796 3848	================================================================================
2011/04/26 12:48:49.0265 3848	Initialize success
2011/04/26 12:48:57.0750 0444	================================================================================
2011/04/26 12:48:57.0750 0444	Scan started
2011/04/26 12:48:57.0750 0444	Mode: Manual; 
2011/04/26 12:48:57.0750 0444	================================================================================
2011/04/26 12:48:59.0046 0444	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/26 12:48:59.0078 0444	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/26 12:48:59.0156 0444	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/26 12:48:59.0218 0444	AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/26 12:48:59.0250 0444	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/26 12:48:59.0312 0444	AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/26 12:48:59.0484 0444	ApfiltrService  (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/04/26 12:48:59.0515 0444	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/26 12:48:59.0640 0444	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/26 12:48:59.0656 0444	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/26 12:48:59.0734 0444	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/04/26 12:48:59.0921 0444	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/26 12:48:59.0968 0444	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/26 12:49:00.0062 0444	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/26 12:49:00.0109 0444	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/26 12:49:00.0140 0444	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/26 12:49:00.0203 0444	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/26 12:49:00.0265 0444	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/26 12:49:00.0312 0444	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/26 12:49:00.0500 0444	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/26 12:49:00.0546 0444	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/26 12:49:00.0578 0444	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/26 12:49:00.0640 0444	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/26 12:49:00.0687 0444	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/26 12:49:00.0828 0444	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/26 12:49:00.0906 0444	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/26 12:49:00.0968 0444	DMICall         (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/04/26 12:49:01.0078 0444	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/26 12:49:01.0140 0444	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/26 12:49:01.0281 0444	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/26 12:49:01.0359 0444	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/26 12:49:01.0390 0444	E100B           (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/26 12:49:01.0468 0444	e1express       (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/04/26 12:49:01.0593 0444	eeCtrl          (08035db1987412cced1d4201263776ed) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/26 12:49:01.0656 0444	EraserUtilRebootDrv (d5ea4a605147eeaaaa09fef41f007eb0) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/26 12:49:01.0828 0444	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/26 12:49:01.0875 0444	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/26 12:49:01.0906 0444	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/26 12:49:01.0921 0444	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/26 12:49:01.0984 0444	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/26 12:49:02.0046 0444	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/26 12:49:02.0078 0444	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/26 12:49:02.0109 0444	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/26 12:49:02.0156 0444	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/26 12:49:02.0203 0444	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/26 12:49:02.0296 0444	HSFHWAZL        (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/04/26 12:49:02.0437 0444	HSF_DPV         (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/04/26 12:49:02.0531 0444	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/26 12:49:02.0640 0444	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/26 12:49:02.0750 0444	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/26 12:49:02.0828 0444	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/26 12:49:02.0859 0444	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/26 12:49:02.0921 0444	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/26 12:49:02.0953 0444	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/26 12:49:03.0015 0444	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/26 12:49:03.0046 0444	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/26 12:49:03.0093 0444	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/26 12:49:03.0125 0444	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/26 12:49:03.0187 0444	ithsgt          (b7a5fadf67136fda7e8f25303565b674) C:\WINDOWS\system32\DRIVERS\ithsgt.sys
2011/04/26 12:49:03.0234 0444	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/26 12:49:03.0343 0444	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/26 12:49:03.0375 0444	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/26 12:49:03.0406 0444	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/26 12:49:03.0484 0444	lilsgt          (16767ea492b5d140e1de3679a65eae74) C:\WINDOWS\system32\DRIVERS\lilsgt.sys
2011/04/26 12:49:03.0531 0444	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/04/26 12:49:03.0640 0444	MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
2011/04/26 12:49:03.0703 0444	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/26 12:49:03.0937 0444	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/04/26 12:49:04.0031 0444	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/26 12:49:04.0156 0444	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/26 12:49:04.0187 0444	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/26 12:49:04.0250 0444	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/26 12:49:04.0281 0444	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/26 12:49:04.0312 0444	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/04/26 12:49:04.0359 0444	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/26 12:49:04.0421 0444	MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/26 12:49:04.0515 0444	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/26 12:49:04.0562 0444	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/26 12:49:04.0687 0444	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/26 12:49:04.0718 0444	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/26 12:49:04.0765 0444	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/26 12:49:04.0812 0444	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/26 12:49:04.0843 0444	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/26 12:49:04.0890 0444	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/26 12:49:04.0921 0444	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/26 12:49:04.0968 0444	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/26 12:49:05.0000 0444	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/26 12:49:05.0031 0444	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/26 12:49:05.0062 0444	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/26 12:49:05.0125 0444	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/26 12:49:05.0156 0444	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/26 12:49:05.0265 0444	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/26 12:49:05.0328 0444	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/26 12:49:05.0390 0444	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/04/26 12:49:05.0421 0444	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/26 12:49:05.0484 0444	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/26 12:49:05.0562 0444	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/26 12:49:05.0750 0444	nv              (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/26 12:49:06.0109 0444	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/26 12:49:06.0156 0444	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/26 12:49:06.0203 0444	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/26 12:49:06.0281 0444	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/26 12:49:06.0296 0444	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/26 12:49:06.0343 0444	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/26 12:49:06.0437 0444	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/26 12:49:06.0531 0444	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/26 12:49:06.0593 0444	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/26 12:49:06.0796 0444	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/26 12:49:06.0828 0444	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/26 12:49:06.0875 0444	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/26 12:49:06.0921 0444	PTV337          (02ad3fc36606771a38d78358c3d1ed01) C:\WINDOWS\system32\DRIVERS\PTV337.SYS
2011/04/26 12:49:07.0062 0444	PxHelp20        (f91d5cbfc43e61d80c347b2ea1ecc9e7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/26 12:49:07.0218 0444	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/26 12:49:07.0281 0444	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/26 12:49:07.0296 0444	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/26 12:49:07.0328 0444	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/26 12:49:07.0359 0444	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/26 12:49:07.0437 0444	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/26 12:49:07.0484 0444	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/26 12:49:07.0578 0444	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/26 12:49:07.0625 0444	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/26 12:49:07.0718 0444	s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/04/26 12:49:07.0859 0444	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/26 12:49:07.0984 0444	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/26 12:49:08.0046 0444	sfdrv01         (4354d1eea9b4b6e29d53151acde7980f) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/04/26 12:49:08.0109 0444	sfhlp02         (3ad2b15ccc03febfbaf5ff057822aa75) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/04/26 12:49:08.0140 0444	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/26 12:49:08.0171 0444	sfsync02        (d14d5c9c11998da690fa75460f4f1cf3) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/04/26 12:49:08.0203 0444	SI3132          (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2011/04/26 12:49:08.0234 0444	SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/04/26 12:49:08.0265 0444	SiRemFil        (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/04/26 12:49:08.0296 0444	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/26 12:49:08.0359 0444	SNC             (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/04/26 12:49:08.0421 0444	SonyImgF        (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2011/04/26 12:49:08.0468 0444	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/26 12:49:08.0703 0444	SPBBCDrv        (66554c1e84176d12797d141c45da2004) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/26 12:49:08.0781 0444	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/26 12:49:08.0828 0444	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/26 12:49:08.0937 0444	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/26 12:49:09.0062 0444	SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
2011/04/26 12:49:09.0125 0444	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/26 12:49:09.0218 0444	STHDA           (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/26 12:49:09.0328 0444	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/26 12:49:09.0343 0444	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/26 12:49:09.0375 0444	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/26 12:49:09.0500 0444	SYMDNS          (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/04/26 12:49:09.0640 0444	SymEvent        (9e4188476848b2ef86f9c44d5164e724) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/04/26 12:49:09.0656 0444	SYMFW           (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/04/26 12:49:09.0687 0444	SYMIDS          (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/04/26 12:49:09.0812 0444	SYMIDSCO        (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
2011/04/26 12:49:09.0890 0444	symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/04/26 12:49:09.0921 0444	SYMNDIS         (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/04/26 12:49:09.0984 0444	SYMREDRV        (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/26 12:49:10.0203 0444	SYMTDI          (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/26 12:49:10.0296 0444	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/26 12:49:10.0359 0444	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/26 12:49:10.0421 0444	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/26 12:49:10.0453 0444	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/26 12:49:10.0484 0444	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/26 12:49:10.0546 0444	ti21sony        (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
2011/04/26 12:49:10.0609 0444	toshidpt        (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/04/26 12:49:10.0750 0444	tosporte        (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/04/26 12:49:10.0796 0444	Tosrfbd         (294675c8e4316302efe14b1a1219d942) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/04/26 12:49:10.0828 0444	Tosrfbnp        (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/04/26 12:49:10.0859 0444	Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/04/26 12:49:10.0906 0444	Tosrfhid        (31b0145c289d2b3e3e9948345caa7b6f) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/04/26 12:49:10.0937 0444	tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/04/26 12:49:10.0968 0444	TosRfSnd        (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/04/26 12:49:11.0031 0444	Tosrfusb        (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/04/26 12:49:11.0093 0444	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/26 12:49:11.0156 0444	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/26 12:49:11.0218 0444	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/26 12:49:11.0328 0444	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/26 12:49:11.0390 0444	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/26 12:49:11.0421 0444	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/26 12:49:11.0453 0444	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/26 12:49:11.0484 0444	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/26 12:49:11.0546 0444	usbvm321        (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
2011/04/26 12:49:11.0625 0444	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/26 12:49:11.0687 0444	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/26 12:49:11.0812 0444	w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/04/26 12:49:12.0093 0444	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/26 12:49:12.0140 0444	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/26 12:49:12.0234 0444	winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/26 12:49:12.0453 0444	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/26 12:49:12.0515 0444	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/26 12:49:12.0562 0444	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/26 12:49:12.0609 0444	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/26 12:49:12.0875 0444	================================================================================
2011/04/26 12:49:12.0875 0444	Scan finished
2011/04/26 12:49:12.0875 0444	================================================================================
         
hier der log vom anschließenden malwarebytes-scan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

26.04.2011 15:09:58
mbam-log-2011-04-26 (15-09-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266052
Laufzeit: 1 Stunde(n), 1 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 26.04.2011, 14:39   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.04.2011, 15:22   #10
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



hier der combofix-log:

Code:
ATTFilter
ComboFix 11-04-25.03 - Chico 26.04.2011  16:05:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.600 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Chico\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8557EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85586B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {855BA054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {856C4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {859ADDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85ADCB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {853A4914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8598A054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8598D49C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85992DDC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {859A0054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {859A4DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85A98DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AA1DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AB3B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AB8704-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ABA6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ABE704-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AC549C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ACC93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84EB5234-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8506580C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8508D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8508FB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {850BEB8C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85103054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851316EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85158464-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A0704-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A6054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851AD93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851B070C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851C4B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D0DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D16EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D2DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D493C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D56BC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D5B44-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851DC054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851DEA0C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E6B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E86C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E8B9C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851EBB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851FB93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851FEB94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85215B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8522E054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8522F054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523093C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85230B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852336C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85235054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85237DDC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523B6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523E6EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85240DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85245DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85261DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530193C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85302474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85307B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530CDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530D6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531198C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531493C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853176FC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531E944-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8532C6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85339474-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533A054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533F49C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85345B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85352054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535393C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535A6C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85363054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85365054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536C974-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536CDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85373054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85374054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8537493C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85374B94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8537BB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538393C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538794C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85387B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538FB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538FDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85390054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85394B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85394B94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853957A4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853A5DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B0B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B5914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B7054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853C1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853C5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853CC924-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853D2B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853F36F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8540A6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8540E6EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85412674-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85416714-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854229C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85423B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85424DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8542B93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8542D93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85430DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85433DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543593C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85436DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85437DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543ABBC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543D6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543E6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85440B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85441624-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85442474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85442DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85448474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854486EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85449DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8544EB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85452DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85454B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85459B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546193C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85463B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85465054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85466054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546A49C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546E93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546F61C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85470054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854706EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854736EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854746EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547493C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85475B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85479DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547A47C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547DDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85480DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85481914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85482054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85482B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85484054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85485B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85486054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85489054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548949C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85489B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548EB8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548FD14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85490054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549049C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85492054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85497BB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85498054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85498DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549993C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549F49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854A5054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854A549C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854AC4DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854AFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B2DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B4DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B66C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B9B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854BB6BC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854BE49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C0054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C0DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C16EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C18EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C4B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C6054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C86EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854CF9BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D06EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D0954-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D56EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D6C0C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D849C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D8B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E26FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E3B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E4914-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E7054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E7A1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E9054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ECB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ECDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ED054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EE94C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EFB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F0704-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F27A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F3DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F4B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F591C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F5DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F6B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F795C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85506B94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85509914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550ADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550C974-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550EB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85515DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551693C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85517B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85519A24-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551AB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553093C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85534DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553C5F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553D6FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85547B5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85547B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554A93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554B6DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554EB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554F694-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85551DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8555293C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85553B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85558B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85559DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85561054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85561DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85567DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85568B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85569054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855706EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85575054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557764C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557F6C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557F7D4-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855806EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558093C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558093C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855829EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85583B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85583DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85584DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855858EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85585DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855876EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558990C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85589B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C5AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C97C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558D93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558DB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558E92C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558FDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85590B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855936F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85596054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855964BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559693C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85599914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85599DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559BB8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559CDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559FB8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A0DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A293C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A449C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A96CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AA93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855ACDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AD054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AD914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AF054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B06EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B0B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B398C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B3B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B5054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B5B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B66EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B6B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B76EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B9B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BAB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BADDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BF944-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C0AA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C249C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C270C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C649C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C66C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA6DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA93C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CB49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CD6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CF93C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CFB5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D1B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D65E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D6914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DC6BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DC914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DDBAC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DDDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E8DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EF054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F1B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F38EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F3DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F66C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F993C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FB95C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FEA6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85602DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856069C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85609DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85614884-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85615DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8561668C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85621DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85625B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8562A704-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856366EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8563A054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8563E6EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85646054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85647054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85649B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8565669C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85662DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856696C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85669914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8566B054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85671BBC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85695BAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8569E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856A8DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856C649C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570693C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8575F6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8580449C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8581A054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85830DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858566EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8593F054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8595A054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8595C944-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8596F054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597893C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597AB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597F054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85981B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85993B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {859A06EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A2B054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A336EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A39B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A76054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85ABB914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85AD3B94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B3DDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B58054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B596EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B65B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B7BB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B8EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B94054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85BABDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85CB4B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85CBD054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8601BB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8650C95C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8651B054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8654AB9C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86556DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8659F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865A1894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865B195C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865B693C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865C293C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865C7914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-0100-0D24-347CA8A3377C}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Chico\WINDOWS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-26 bis 2011-04-26  ))))))))))))))))))))))))))))))
.
.
2011-04-26 13:52 . 2011-04-26 13:53	--------	d-----w-	c:\programme\CCleaner
2011-04-26 10:46 . 2011-04-26 10:46	--------	d-----w-	c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Help
2011-04-25 21:55 . 2011-04-25 21:55	--------	d-----w-	c:\windows\Internet Logs
2011-04-25 21:41 . 2011-04-25 21:41	--------	d-----w-	C:\_OTL
2011-04-24 16:53 . 2011-04-24 16:53	--------	d-----w-	c:\dokumente und einstellungen\Chico\Anwendungsdaten\Malwarebytes
2011-04-24 16:53 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-24 16:53 . 2011-04-24 16:53	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-24 16:53 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-24 16:53 . 2011-04-24 16:53	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-04-24 14:06 . 2011-04-24 14:06	--------	d-----w-	c:\dokumente und einstellungen\Chico\Anwendungsdaten\CheckPoint
2011-04-24 14:05 . 2011-04-24 14:05	--------	d-----w-	c:\programme\CheckPoint
2011-04-24 14:05 . 2010-06-28 11:00	46592	----a-w-	c:\windows\system32\vsutil_loc0407.dll
2011-04-12 15:53 . 2011-04-12 15:53	--------	d-----w-	c:\windows\system32\XPSViewer
2011-04-12 15:52 . 2011-04-12 15:52	--------	d-----w-	c:\programme\MSBuild
2011-04-12 15:52 . 2011-04-12 15:52	--------	d-----w-	c:\programme\Reference Assemblies
2011-04-12 15:52 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-12 15:51 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-12 15:51 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-12 15:51 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2011-04-12 15:51 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2011-04-12 15:51 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-12 15:51 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-12 15:51 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2011-04-12 15:51 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2011-04-11 13:03 . 2011-04-11 13:03	--------	d-----w-	c:\dokumente und einstellungen\Chico\Anwendungsdaten\Greenshot
2011-04-11 13:03 . 2011-04-11 13:03	--------	d-----w-	c:\programme\Greenshot
2011-04-11 12:54 . 2011-04-11 12:54	--------	d-----w-	c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2011-04-11 12:54 . 2011-04-11 12:54	--------	d-----w-	c:\programme\Conduit
2011-04-11 12:54 . 2011-04-25 22:19	--------	d-----w-	c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Winload
2011-04-11 12:54 . 2011-04-11 12:57	--------	d-----w-	c:\programme\Winload
2011-04-01 18:21 . 2011-04-13 17:36	--------	d-----w-	c:\programme\EA SPORTS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 14:50 . 2009-11-05 19:19	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2006-03-16 14:03	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2006-03-16 05:47	434176	----a-w-	c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-16 05:47	1858048	----a-w-	c:\windows\system32\win32k.sys
2011-02-17 18:56 . 2006-03-16 05:47	832512	----a-w-	c:\windows\system32\wininet.dll
2011-02-17 18:56 . 2006-03-16 05:47	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2011-02-17 18:56 . 2006-03-16 05:47	78336	----a-w-	c:\windows\system32\ieencode.dll
2011-02-17 18:56 . 2006-03-16 05:46	17408	----a-w-	c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-03-16 05:47	455936	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-16 05:47	357888	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-03-16 05:47	389120	----a-w-	c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-03-16 05:46	290432	----a-w-	c:\windows\system32\atmfd.dll
2011-02-08 13:33 . 2006-03-16 05:47	978944	----a-w-	c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-16 05:47	974848	----a-w-	c:\windows\system32\mfc42u.dll
2011-02-04 16:48 . 2006-03-16 05:47	456192	----a-w-	c:\windows\system32\encdec.dll
2011-02-04 16:48 . 2006-03-16 05:47	291840	----a-w-	c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2006-03-16 14:00	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-03-16 14:00	677888	----a-w-	c:\windows\system32\mstsc.exe
2008-08-29 18:17 . 2008-08-29 18:17	25842760	----a-w-	c:\programme\wmp11-windowsxp-x86-DE-DE.exe
2008-08-28 18:31 . 2008-08-28 18:31	9960408	----a-w-	c:\programme\Videoload_Manager_Setup_1.0.1514.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\programme\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\programme\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22	1172792	----a-w-	c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 68856]
"Greenshot"="c:\programme\Greenshot\Greenshot.exe" [2010-07-12 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 217088]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-02-22 52840]
"URLLSTCK.exe"="c:\programme\Norton Internet Security\UrlLstCk.exe" [2007-02-01 23168]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 169472]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
"VAIO Update 4"="c:\programme\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-11 417792]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42	73728	----a-w-	c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.dll"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamext.dll"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Malwarebytes\\Malwarebytes' Anti-Malware\\rules.ref"=
"c:\\WINDOWS\\system32\\drivers\\mbam.sys"=
"c:\\WINDOWS\\system32\\drivers\\mbamswissarmy.sys"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [04.01.2008 22:09 81408]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.11.2009 21:19 135336]
R2 ContentMgrService;Content Management Service;c:\programme\Videoload Manager\ContentManager.exe [12.03.2008 18:26 508928]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [16.08.2008 19:27 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01.12.2006 15:29 102712]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [16.03.2006 07:48 226304]
S3 DMSKSSRh;DMSKSSRh;\??\c:\dokume~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys --> c:\dokume~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys [?]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [16.08.2008 19:27 17280]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 PTV337;Mini DigitalTV USB;c:\windows\system32\drivers\PTV337.SYS [30.10.2006 13:26 184064]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [16.03.2006 07:48 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv	REG_MULTI_SZ   	Tapisrv
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Übertragen mit Image Converter 2 Plus - c:\programme\Sony\Image Converter 2\menu.htm
Trusted Zone: bk-giulini.com\owa
Trusted Zone: bk-giulini.com\www.owa
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\dokumente und einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ISUSPM Startup - c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe
Notify-WgaLogon - (no file)
AddRemove-conduitEngine - c:\programme\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Zuma Deluxe_is1 - c:\programme\Zuma Deluxe\ReflexiveArcade\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-26 16:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\SecuROM\License information*]
"datasecu"=hex:31,48,b7,53,6d,10,39,af,af,21,e1,9a,a4,b5,13,3e,a7,a4,61,14,b3,
   b1,1f,33,da,cc,ef,69,8e,07,eb,b5,25,64,05,f1,80,8c,d3,67,ae,e4,90,c1,ec,2b,\
"rkeysecu"=hex:85,7d,1f,0a,83,58,4b,8a,36,e7,ec,05,ed,87,f2,79
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2011-04-26  16:13:29
ComboFix-quarantined-files.txt  2011-04-26 14:13
.
Vor Suchlauf: 7.391.621.120 Bytes frei
Nach Suchlauf: 7.430.877.184 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E6A1CE1F8284F519F51EB748514E428D
         

Alt 26.04.2011, 17:30   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.04.2011, 19:30   #12
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



hier der GMER-log:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-26 20:06:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HTS541010G9SA00 rev.MBZOC65D
Running: m58jm2f3.exe; Driver: C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys


---- System - GMER 1.0.15 ----

SSDT            86DC6748                                         ZwAlertResumeThread
SSDT            87080690                                         ZwAlertThread
SSDT            86E64218                                         ZwAllocateVirtualMemory
SSDT            86EA81E0                                         ZwConnectPort
SSDT            F7BA41CE                                         ZwCreateKey
SSDT            86DF87C8                                         ZwCreateMutant
SSDT            F7BA41C4                                         ZwCreateThread
SSDT            F7BA41D3                                         ZwDeleteKey
SSDT            F7BA41DD                                         ZwDeleteValueKey
SSDT            86DD3868                                         ZwFreeVirtualMemory
SSDT            86E3C228                                         ZwImpersonateAnonymousToken
SSDT            86C24180                                         ZwImpersonateThread
SSDT            F7BA41E2                                         ZwLoadKey
SSDT            86E041A8                                         ZwMapViewOfSection
SSDT            87084DF0                                         ZwOpenEvent
SSDT            F7BA41B0                                         ZwOpenProcess
SSDT            86E78520                                         ZwOpenProcessToken
SSDT            F7BA41B5                                         ZwOpenThread
SSDT            86E11CB8                                         ZwOpenThreadToken
SSDT            F7BA41EC                                         ZwReplaceKey
SSDT            F7BA41E7                                         ZwRestoreKey
SSDT            86FAA1D0                                         ZwResumeThread
SSDT            86E72208                                         ZwSetContextThread
SSDT            863F5840                                         ZwSetInformationProcess
SSDT            86E1AE78                                         ZwSetInformationThread
SSDT            F7BA41D8                                         ZwSetValueKey
SSDT            87087208                                         ZwSuspendProcess
SSDT            8707E280                                         ZwSuspendThread
SSDT            86EF30C8                                         ZwTerminateProcess
SSDT            8707F4A0                                         ZwTerminateThread
SSDT            86DDF430                                         ZwUnmapViewOfSection
SSDT            86FE9B70                                         ZwWriteVirtualMemory

Code            \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys         section is writeable [0xF61A0360, 0x21E0FD, 0xE8000020]
.text           C:\WINDOWS\system32\drivers\SSHDRV86.sys         section is writeable [0xF3AEE000, 0x26354, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\SSHDRV86.sys         entry point in ".pklstb" section [0xF3B23000]
.relo2          C:\WINDOWS\system32\drivers\SSHDRV86.sys         unknown last section [0xF3B3A000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys           section is writeable [0xB95D3300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\ithsgt.sys           section is writeable [0xB9542300, 0x21770, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys           section is writeable [0xF3498300, 0x1BEE, 0xE8000020]
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS       Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                           SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\ti21sony \Device\000000a2                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0               sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1               sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2               sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\Tcpip \Device\Udp                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\ti21sony \Device\TIFMxx21DE-0            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \FileSystem\Fastfat \Fat                         SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
OSAM-log:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:20:05 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"ufddqaow" (ufddqaow) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Greenshot" - ? - C:\Programme\Greenshot\Greenshot.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
MBRCheck-log:
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 154):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E6000 \WINDOWS\system32\hal.dll
  0xF7A92000 \WINDOWS\system32\KDCOM.DLL
  0xF79A2000 \WINDOWS\system32\BOOTVID.dll
  0xF7462000 ACPI.sys
  0xF7A94000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7451000 pci.sys
  0xF7592000 isapnp.sys
  0xF75A2000 ohci1394.sys
  0xF75B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF79A6000 compbatt.sys
  0xF79AA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7B5A000 pciide.sys
  0xF7812000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7433000 pcmcia.sys
  0xF75C2000 MountMgr.sys
  0xF7414000 ftdisk.sys
  0xF79AE000 ACPIEC.sys
  0xF7B5B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF781A000 PartMgr.sys
  0xF7822000 sfsync02.sys
  0xF75D2000 VolSnap.sys
  0xF73FC000 atapi.sys
  0xF73EB000 SI3132.sys
  0xF73D3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF75E2000 disk.sys
  0xF75F2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF73B3000 fltmgr.sys
  0xF73A1000 sr.sys
  0xF782A000 PxHelp20.sys
  0xF79B2000 SiWinAcc.sys
  0xF738A000 KSecDD.sys
  0xF7377000 WudfPf.sys
  0xF72EA000 Ntfs.sys
  0xF72BD000 NDIS.sys
  0xF7A96000 SiRemFil.sys
  0xF7832000 sfhlp02.sys
  0xF7602000 sfdrv01.sys
  0xF72A3000 Mup.sys
  0xF7632000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7A72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF61A0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF618C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF6164000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6007000 \SystemRoot\system32\DRIVERS\w39n51.sys
  0xF7932000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF5FE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF793A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF5FA6000 \SystemRoot\system32\drivers\ti21sony.sys
  0xF5F7E000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xF7942000 \SystemRoot\System32\Drivers\SonyNC.sys
  0xF7642000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF794A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF5F64000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0xF7952000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7652000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF795A000 \SystemRoot\system32\drivers\Afc.sys
  0xF7662000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7672000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF5F41000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7682000 \SystemRoot\System32\Drivers\tosrfcom.sys
  0xF7CA8000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7692000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7A8E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF5F2A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF76A2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF76B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7962000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF5F19000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76C2000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF796A000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7972000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF5EE9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF76D2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7ABA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF5E63000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7267000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76E2000 \SystemRoot\system32\DRIVERS\tosporte.sys
  0xF76F2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF3D36000 \SystemRoot\system32\drivers\sthda.sys
  0xF3D12000 \SystemRoot\system32\drivers\portcls.sys
  0xF7702000 \SystemRoot\system32\drivers\drmk.sys
  0xF3CE0000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xF3BEC000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xF3B3B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF7982000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7712000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7AC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF3AED000 \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys
  0xF7A3E000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF7732000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF786A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7AD4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7C78000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7AD6000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7872000 \SystemRoot\System32\drivers\vga.sys
  0xF7AD8000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7ADA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF787A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7882000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7A4E000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3ABA000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF3A61000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF3A3B000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF3A02000 \SystemRoot\System32\Drivers\SYMTDI.SYS
  0xF39B5000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
  0xF7742000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF398D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF396B000 \SystemRoot\System32\drivers\afd.sys
  0xF7752000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF788A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF3909000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
  0xF7A62000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF38DE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF386E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7762000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF376C000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
  0xF374F000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0xF7BA3000 \SystemRoot\system32\DRIVERS\DMICall.sys
  0xF3729000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7AE0000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF77D2000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF36E9000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7AF4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF651E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF78CA000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7C03000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF3DA000 \SystemRoot\System32\ATMFD.DLL
  0xBA4D3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xF3570000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xBA4A7000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xBA483000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB9706000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB95D3000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xB956A000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB9542000 \SystemRoot\system32\DRIVERS\ithsgt.sys
  0xB962E000 \SystemRoot\system32\DRIVERS\lilsgt.sys
  0xF3498000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xB9626000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB93FA000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB9686000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0xF3488000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
  0xB90C5000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB934A000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB86FA000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
  0xF7B1A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xF78C2000 \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys
  0xB5183000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB473B000 \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys
  0xB3EE3000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
       0 System Idle Process
       4 System
     832 C:\WINDOWS\system32\smss.exe
     896 csrss.exe
     920 C:\WINDOWS\system32\winlogon.exe
     964 C:\WINDOWS\system32\services.exe
     976 C:\WINDOWS\system32\lsass.exe
    1160 C:\WINDOWS\system32\svchost.exe
    1228 svchost.exe
    1268 C:\WINDOWS\system32\svchost.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1360 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1392 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1528 svchost.exe
    1584 svchost.exe
    1856 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE
    1940 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE
     196 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPROXY.EXE
     244 C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
     296 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
     660 C:\WINDOWS\system32\spoolsv.exe
     712 C:\Programme\Avira\AntiVir Desktop\sched.exe
     740 svchost.exe
     880 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1100 C:\Programme\Videoload Manager\ContentManager.exe
    1188 C:\WINDOWS\ehome\ehSched.exe
    1436 C:\Programme\Java\jre6\bin\jqs.exe
    1544 C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    1704 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1752 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    1768 C:\WINDOWS\system32\nvsvc32.exe
    1788 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    1884 svchost.exe
    1912 C:\WINDOWS\system32\svchost.exe
    2032 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
    2128 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    2220 mcrdsvc.exe
    2496 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    2564 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    2968 alg.exe
    3608 C:\Programme\Apoint\Apoint.exe
    3632 C:\WINDOWS\ehome\ehtray.exe
    3640 C:\WINDOWS\system32\svchost.exe
    3648 C:\WINDOWS\system32\ico.exe
    3812 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
    3856 C:\Programme\Sony\ISB Utility\ISBMgr.exe
    3908 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE
    3944 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
     136 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
     200 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
     580 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
    1184 C:\WINDOWS\system32\ctfmon.exe
    1816 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1848 C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    2908 C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
    3696 C:\WINDOWS\explorer.exe
    2640 C:\Programme\Mozilla Firefox\firefox.exe
     432 C:\Dokumente und Einstellungen\Chico\Desktop\Virus-Bekämpfung\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`63719c00  (NTFS)

PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZOC65D

      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
         

Alt 26.04.2011, 19:37   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Zitat:
"DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys (File not found)
Bitte mit OSAM deaktivieren und löschen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.04.2011, 20:09   #14
john_woo
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



hier der log nach dem 1. reboot:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:55:26 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
(Disabled) "DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Greenshot" - ? - C:\Programme\Greenshot\Greenshot.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
hier nach dem 2. reboot:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:07:31 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 27.04.2011, 09:39   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Standard

TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, administrator, adobe, antivir, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, checkpoint, conduit, converter, dateien weg, document, einstellungen, error, excel.exe, festplatte, festplatte beschädigt, firefox, format, google, helper, intranet, location, logfile, mozilla, msvcr80.dll, object, oldtimer, otl-scan, photoshop, plug-in, registry, rundll, sched.exe, searchplugins, security, security update, senden, software, sweetim, symantec, vista, windows, winload toolbar, wrapper




Ähnliche Themen: TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!


  1. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2018 (27)
  2. Festplatte Cluster beschädigt/Windows Xp Recovery/FakeAlert vermutlich TR/Kazy.mekml1
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (1)
  3. Trojaner Kazy.mekml / kein zugriff mehr auf die Festplatte
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (17)
  4. TR/Kazy.mekml.1 - Festplatte beschädigt, Datein versteckt
    Log-Analyse und Auswertung - 04.05.2011 (11)
  5. TR/Kazy.mekml.1 - Festplattenfehler, Dateien versteckt
    Log-Analyse und Auswertung - 02.05.2011 (27)
  6. Festplatte beschädigt. Private Daten sind in Gefahr. AntiVir Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (16)
  7. TR/Kazy.mekml.1, Festplatte beschädigt, Dateien nicht sichtbar
    Log-Analyse und Auswertung - 29.04.2011 (7)
  8. TR/Kazy.mekml.1 Festplatte C und D leer
    Log-Analyse und Auswertung - 29.04.2011 (23)
  9. Windows Securtiy Alert. Virus. Festplatte beschädigt. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (8)
  10. TR/Kazy.mekml.1 - Festplatte beschädigt. Das System hat ein Problem mit...
    Log-Analyse und Auswertung - 28.04.2011 (6)
  11. TR/Kazy.mekml.1, festplatten cluster beschädigt, daten nicht mehr lesbar, schwarzer hintergrund
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  12. TR/Kazy.mekml.1 - Dateien verschwunden,
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  13. TR/Kazy.mekml.1 meldet Kritischen Fehler der Festplatte
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (15)
  14. tr/kazy.mekml.1' desktop dateien weg
    Log-Analyse und Auswertung - 25.04.2011 (1)
  15. tr kazy.mekml.1 - dateien wieder sichtbar machen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  16. TR/kazy.mekml, Festplatte beschädigt, Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  17. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 21.04.2011 (1)

Zum Thema TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! - Hallo, habe wie viele hier den TR/Kazy.mekml.1 auf dem laptop. hoffe es kann mir jemand helfen, habe den OTL-scan bereits durchgeführt, wie hier von "markusg" beschrieben: Zitat: Doppelklick auf die - TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!...
Archiv
Du betrachtest: TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.