Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt! (https://www.trojaner-board.de/98039-tr-kazy-mekml-1-infektion-dateien-weg-festplatte-beschaedigt.html)

john_woo 24.04.2011 18:29
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
 
Hallo,

habe wie viele hier den TR/Kazy.mekml.1 auf dem laptop. hoffe es kann mir jemand helfen, habe den OTL-scan bereits durchgeführt, wie hier von "markusg" beschrieben:

Zitat:
Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
OTL.txt:

Code:
OTL logfile created on: 24.04.2011 18:59:05 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\Chico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 5,91 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
Drive D: | 39,60 Gb Total Space | 21,60 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive F: | 618,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NAME-4FA6E57B07 | User Name: Chico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe (WinTrust)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCL40.DLL (Symantec Corporation)
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\AntiSpam\asOEHook.dll (Symantec Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ContentMgrService) -- C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccISPwdSvc) -- C:\Programme\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Norton Internet Security\comHost.exe (Symantec Corporation)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20110312.001\SymIDSCo.sys (Symantec Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (SSHDRV86) -- C:\WINDOWS\system32\drivers\SSHDRV86.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (PTV337) -- C:\WINDOWS\system32\drivers\PTV337.SYS ()
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (PrivateDisk) -- C:\WINDOWS\system32\drivers\privatediskm.sys (Utimaco Safeware AG)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..network.proxy.http: "204.8.155.227"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.08.28 20:36:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011.04.24 16:05:58 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.25 13:58:31 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.25 13:58:31 | 000,000,000 | -H-D | M]
 
[2008.12.25 23:49:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Extensions
[2011.04.24 16:57:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions
[2011.04.22 13:24:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.27 21:44:42 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.11 14:54:30 | 000,000,000 | -H-D | M] (Mein Gutscheincode Finder) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\finder@meingutscheincode.de
[2011.01.26 21:42:18 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\firefox@tvunetworks.com
[2010.03.08 19:30:38 | 000,000,000 | -H-D | M] (Personas) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\personas@christopher.beard
[2010.09.11 14:13:26 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\extensions\vshare@toolbar
[2010.10.01 13:24:45 | 000,000,873 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\searchplugins\conduit.xml
[2009.02.27 21:44:38 | 000,003,915 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\searchplugins\sweetim.xml
[2011.04.24 16:57:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.14 19:02:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 14:19:12 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.24 16:05:58 | 000,000,000 | -H-D | M] (ZoneAlarm Security Engine) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010.11.14 19:02:20 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.08.09 12:16:08 | 000,030,408 | -H-- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.11.06 01:35:04 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.06 01:35:04 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.06 01:35:04 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.06 01:35:05 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.06 01:35:05 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISUSPM Startup]  File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run:  C:\Programme\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008..\Run: [dAmLSTWYyWMb] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe (WinTrust)
O4 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MediaTV Monitor.lnk = C:\Programme\ADS Tech\MediaTV\MediaTVMonitor.exe (ADS Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: bk-giulini.com ([owa] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: bk-giulini.com ([www.owa] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1618721415-3483923378-2945908914-1008\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.07.15 20:57:36 | 000,544,768 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.07.12 00:46:10 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2004.10.22 11:35:40 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.12 15:28:08 | 000,000,076 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\Shell\AutoRun\command - "" = H:\WDSetup.exe
O33 - MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun\command - "" = F:\Madden04.exe -- [2003.07.06 01:39:04 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Gemeinsame Dateien\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65034330371522560)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 19:03:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Chico\Recent
[2011.04.24 18:53:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Malwarebytes
[2011.04.24 18:53:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.24 18:53:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:53:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 18:53:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.24 18:53:22 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 18:52:26 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.24 17:09:57 | 000,066,896 | -H-- | C] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-clean.exe
[2011.04.24 16:22:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.24 16:06:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\ForceField Shared Files
[2011.04.24 16:06:04 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2011.04.24 16:05:37 | 000,000,000 | -H-D | C] -- C:\Programme\CheckPoint
[2011.04.24 16:05:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm
[2011.04.24 16:05:26 | 000,046,592 | -H-- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2011.04.24 16:05:24 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011.04.24 16:05:21 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011.04.24 16:05:21 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011.04.24 16:05:15 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011.04.24 16:05:13 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011.04.24 16:05:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011.04.24 16:05:13 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011.04.24 16:05:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011.04.24 16:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011.04.24 16:05:11 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011.04.24 16:05:10 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2011.04.24 16:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011.04.24 16:04:25 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011.04.24 16:04:25 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011.04.24 16:04:25 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011.04.23 14:16:12 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe
[2011.04.23 13:21:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Desktop\desktop
[2011.04.23 11:28:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Windows Recovery
[2011.04.23 11:17:53 | 000,569,344 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe
[2011.04.13 20:01:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\MVP Baseball 2005
[2011.04.12 17:53:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.04.12 17:52:55 | 000,000,000 | -H-D | C] -- C:\Programme\MSBuild
[2011.04.12 17:52:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\en-US
[2011.04.12 17:52:40 | 000,000,000 | -H-D | C] -- C:\Programme\Reference Assemblies
[2011.04.12 17:51:58 | 000,597,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.04.12 17:51:58 | 000,575,488 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.04.12 17:51:58 | 000,117,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.04.12 17:51:58 | 000,089,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.04.12 17:51:57 | 001,676,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.04.12 17:51:57 | 001,676,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.04.11 15:03:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.04.11 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Greenshot
[2011.04.11 15:03:09 | 000,000,000 | -H-D | C] -- C:\Programme\Greenshot
[2011.04.11 14:54:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2011.04.11 14:54:38 | 000,000,000 | -H-D | C] -- C:\Programme\Conduit
[2011.04.11 14:54:37 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Winload
[2011.04.11 14:54:35 | 000,000,000 | -H-D | C] -- C:\Programme\Winload
[2011.04.01 22:00:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\Madden NFL 2004
[2011.04.01 20:31:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chico\Eigene Dateien\NBA Live 2003
[2011.04.01 20:21:59 | 000,000,000 | -H-D | C] -- C:\Programme\EA SPORTS
[2008.08.29 20:17:03 | 025,842,760 | -H-- | C] (Microsoft Corporation) -- C:\Programme\wmp11-windowsxp-x86-DE-DE.exe
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 18:53:32 | 000,000,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:52:24 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.24 18:46:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.24 18:46:50 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 18:27:33 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756
[2011.04.24 18:27:30 | 000,487,424 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756.exe
[2011.04.24 18:26:01 | 048,132,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_105_000_de.exe
[2011.04.24 17:27:54 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012
[2011.04.24 17:09:52 | 000,066,896 | -H-- | M] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\Chico\Desktop\mbam-clean.exe
[2011.04.24 16:46:19 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.24 16:06:39 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.04.24 16:05:34 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.04.24 16:05:33 | 000,000,715 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\ZoneAlarm Security.lnk
[2011.04.24 15:42:52 | 048,045,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_058_000_de.exe
[2011.04.23 14:16:10 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chico\Desktop\OTL.exe
[2011.04.23 11:49:18 | 000,045,378 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.23 11:27:52 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404
[2011.04.23 11:17:50 | 000,569,344 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dAmLSTWYyWMb.exe
[2011.04.22 11:06:50 | 000,481,976 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.22 11:06:50 | 000,459,288 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.22 11:06:50 | 000,094,816 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.22 11:06:50 | 000,078,942 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.16 12:54:03 | 000,285,312 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 12:47:38 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.13 20:54:10 | 000,001,724 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MVP Baseball 2005.lnk
[2011.04.05 16:53:17 | 000,056,832 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.01 21:32:55 | 000,001,721 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Madden NFL 2004.lnk
[2011.04.01 21:24:15 | 000,001,383 | -H-- | M] () -- C:\WINDOWS\eReg.dat
[2011.04.01 20:25:56 | 000,001,688 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NBA Live 2003.lnk
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 18:53:32 | 000,000,760 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 18:27:33 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756
[2011.04.24 18:27:30 | 000,487,424 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756.exe
[2011.04.24 18:24:28 | 048,132,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_105_000_de.exe
[2011.04.24 17:27:54 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012
[2011.04.24 16:05:34 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.04.24 16:05:33 | 000,000,715 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\ZoneAlarm Security.lnk
[2011.04.24 16:05:11 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.04.24 16:04:15 | 048,045,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Desktop\zaSetup_92_058_000_de.exe
[2011.04.23 11:27:52 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404
[2011.04.13 19:47:21 | 000,001,724 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MVP Baseball 2005.lnk
[2011.04.01 21:32:55 | 000,001,721 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Madden NFL 2004.lnk
[2011.04.01 20:25:56 | 000,001,688 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NBA Live 2003.lnk
[2011.01.03 21:10:34 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2010.11.05 16:50:59 | 000,162,432 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2010.11.05 16:50:58 | 000,012,032 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2010.03.19 15:37:37 | 000,281,760 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.19 15:37:36 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.12.20 18:52:46 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2008.12.25 23:49:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008.10.15 21:29:39 | 000,000,009 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\mdb.bin
[2008.09.17 19:05:18 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.28 20:31:29 | 009,960,408 | -H-- | C] () -- C:\Programme\Videoload_Manager_Setup_1.0.1514.exe
[2008.08.16 13:48:22 | 000,056,832 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.01 22:34:42 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.01.04 22:09:22 | 000,081,408 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2007.12.30 10:38:45 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007.12.30 10:37:39 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.01.29 12:16:34 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.19 21:15:26 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006.10.30 13:26:36 | 000,184,064 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PTV337.SYS
[2006.10.29 15:57:10 | 000,001,383 | -H-- | C] () -- C:\WINDOWS\eReg.dat
[2006.04.27 06:09:58 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.04.27 06:00:57 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006.04.27 05:57:55 | 000,000,143 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006.03.17 14:18:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.17 11:49:15 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.03.17 11:49:15 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.03.17 11:49:15 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.03.17 11:49:15 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.03.17 11:49:15 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.03.17 11:49:15 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.03.17 11:41:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006.03.17 11:40:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006.03.16 16:08:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.03.16 16:02:07 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.03.16 15:54:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.03.16 15:54:05 | 000,285,312 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.03.16 07:48:19 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.03.16 07:48:10 | 000,004,152 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.03.16 07:47:56 | 000,481,976 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.03.16 07:47:56 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.03.16 07:47:56 | 000,094,816 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.03.16 07:47:56 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.03.16 07:47:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.03.16 07:47:18 | 000,459,288 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.03.16 07:47:18 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.03.16 07:47:18 | 000,078,942 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.03.16 07:47:18 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.03.16 07:47:16 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.03.16 07:47:16 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.03.16 07:47:15 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.03.16 07:47:09 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.03.16 07:47:09 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.03.16 07:46:59 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.03.16 07:46:52 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.11.01 10:53:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005.08.05 15:26:04 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[1998.03.25 21:12:00 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\vbzlib.dll
 
========== LOP Check ==========
 
[2008.03.13 04:36:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2008.08.28 20:36:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2010.04.06 17:15:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2008.08.28 20:36:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2009.02.27 21:44:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2008.08.16 14:04:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2011.04.24 16:06:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2010.07.19 23:42:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Games
[2011.04.11 15:03:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.01.24 23:50:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\gtk-2.0
[2008.09.25 02:44:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ
[2008.08.17 16:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ Toolbar
[2008.08.09 13:52:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\InterVideo
[2010.05.19 16:27:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Leadertech
[2008.11.16 23:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\OpenOffice.org
[2011.04.07 20:15:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\PriceGong
[2011.03.19 22:54:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ScummVM
[2008.08.17 14:05:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SmartSurfer
[2008.09.21 22:18:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony
[2008.08.16 14:06:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\T-Online
[2008.10.28 21:40:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEB.DE
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEBDE
[2008.08.13 18:17:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SmartSurfer
[2007.01.07 17:32:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.05.01 16:10:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Adobe
[2008.08.24 20:18:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\AdobeUM
[2008.08.01 22:35:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ArcSoft
[2010.05.05 22:23:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Avira
[2011.04.24 16:06:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\CheckPoint
[2011.03.20 00:04:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\dvdcss
[2010.07.19 23:42:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Games
[2008.08.16 17:44:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Google
[2011.04.11 15:03:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Greenshot
[2011.01.24 23:50:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\gtk-2.0
[2008.09.25 02:44:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ
[2008.08.17 16:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ICQ Toolbar
[2006.03.16 16:06:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Identities
[2008.08.09 13:52:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\InterVideo
[2010.05.19 16:27:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Leadertech
[2010.01.18 01:28:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Macromedia
[2011.04.24 18:53:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Malwarebytes
[2011.02.25 16:50:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft
[2008.12.25 23:49:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Mozilla
[2008.11.16 23:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\OpenOffice.org
[2011.04.07 20:15:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\PriceGong
[2011.03.19 22:54:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\ScummVM
[2010.05.19 16:30:27 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SecuROM
[2008.08.17 14:05:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\SmartSurfer
[2008.09.21 22:18:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony
[2008.11.23 16:47:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Sony Corporation
[2008.11.10 18:57:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Sun
[2008.08.16 14:06:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\T-Online
[2010.06.10 22:48:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\vlc
[2008.10.28 21:40:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEB.DE
[2008.08.17 14:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WEBDE
[2010.01.18 12:47:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.11.05 16:50:57 | 000,010,134 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
[2010.11.05 16:50:57 | 000,004,286 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
[2010.11.05 16:50:58 | 000,008,854 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_125f4299.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_23282bdc.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_2d9c7675.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_336a1ea6.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_3b7168ec.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_3eba2d5d.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_4a0d7d39.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_4a284e1.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_5bbf367c.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_68476603.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_6f9a65a9.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_71196d74.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_779c5be5.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_7fd2260b.exe
[2010.01.18 12:50:51 | 000,007,406 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_8a42c42.exe
[2010.01.18 12:50:51 | 000,005,390 | RH-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_c8d278f.exe
[2005.02.13 18:22:00 | 001,178,540 | -H-- | M] (Sony ITE                                                                                                                                                                                                                ) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\npm.exe
[2005.10.10 22:12:00 | 003,933,908 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_de.exe
[2005.10.10 22:12:00 | 003,943,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_en.exe
[2005.10.10 22:12:00 | 003,939,540 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_es.exe
[2005.10.10 22:12:00 | 003,942,068 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_fr.exe
[2005.10.10 22:12:00 | 003,938,964 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_it.exe
[2005.10.10 22:08:00 | 003,942,708 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pre2_nl.exe
[2005.10.10 22:06:00 | 003,357,076 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_de.exe
[2005.10.10 22:07:00 | 003,362,060 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_en.exe
[2005.10.10 22:07:00 | 003,355,524 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_es.exe
[2005.10.10 22:07:00 | 003,356,780 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_fr.exe
[2005.10.10 22:07:00 | 003,356,484 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_it.exe
[2005.10.10 22:06:00 | 003,357,324 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\sections\software\shows\pse4_nl.exe
[2004.12.01 11:00:00 | 000,405,504 | -H-- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\tools\PcName.exe
[2005.10.13 13:16:26 | 001,922,580 | -H-- | M] (Sony Corporation) -- C:\Dokumente und Einstellungen\Chico\Anwendungsdaten\sony\myclubvaio\update\update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.10 14:00:00 | 017,006,491 | RH-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.10 14:00:00 | 017,006,491 | RH-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.14 01:07:41 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=4C5B48AB9179DE15A7B6A48DC8E56121 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.03.16 16:53:32 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.03.16 16:53:32 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.03.16 16:53:32 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

john_woo 24.04.2011 18:30
TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
 
Extras.txt:
Code:
OTL Extras logfile created on: 24.04.2011 18:59:05 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\Chico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,57 Gb Total Space | 5,91 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
Drive D: | 39,60 Gb Total Space | 21,60 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive F: | 618,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NAME-4FA6E57B07 | User Name: Chico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Avira\AntiVir Desktop\update.exe" = C:\Programme\Avira\AntiVir Desktop\update.exe:*:Enabled:update -- (Avira GmbH)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server -- ()
"C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Avira AntiVir Personal starten
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Programme\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:mbamgui -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.dll" = C:\Programme\Malwarebytes' Anti-Malware\mbam.dll:*:Enabled:mbam.dll -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe:*:Enabled:mbamservice -- (Malwarebytes Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" = C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll:*:Enabled:mbamext.dll -- (Malwarebytes Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref:*:Enabled:rules.ref -- ()
"C:\WINDOWS\system32\drivers\mbam.sys" = C:\WINDOWS\system32\drivers\mbam.sys:*:Enabled:mbam -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\drivers\mbamswissarmy.sys" = C:\WINDOWS\system32\drivers\mbamswissarmy.sys:*:Enabled:mbamswissarmy -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{16E43D5F-5296-4D53-B303-9D951AFE510F}" = Airline Tycoon Evolution
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5549C19D-46FE-4975-AD54-5B37E87FF6E2}" = SweetIM for Messenger 2.6
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}" = NBA Live 2003
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{AD8C0C77-7BBF-4CE7-89B7-DB95AFBE2708}" = ADS Tech MediaTV
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C2FCB62F-D79F-4395-009C-A703AC9FB64F}" = Madden NFL 2004
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio
"{F9BB1E62-F290-427E-9480-993101301EC8}" = Mini DigitalTV USB
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Greenshot_is1" = Greenshot
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"Jagged Alliance 2" = Jagged Alliance 2
"Leisure Suit Larry 2 Point and Click" = Leisure Suit Larry 2 Point and Click
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Picasa2" = Picasa 2
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ScummVM Tools_is1" = ScummVM Tools 1.2.0
"ScummVM_is1" = ScummVM 1.2.1
"SopCast" = SopCast 3.2.4
"Stacked with Daniel Negreanu_is1" = Stacked 1.1
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"The Westerner_is1" = The Westerner 1.3
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VERMEER" = VERMEER
"Videoload Manager" = Videoload Manager 1.0.1514
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe_is1" = Zuma Deluxe
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2011 11:53:27 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752570
Description =
 
Error - 23.04.2011 11:53:27 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752567
Description =
 
Error - 24.04.2011 09:42:56 | Computer Name = NAME-4FA6E57B07 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 18472756.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 24.04.2011 09:51:19 | Computer Name = NAME-4FA6E57B07 | Source = MBAMService | ID = 131073
Description =
 
Error - 24.04.2011 09:53:15 | Computer Name = NAME-4FA6E57B07 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4095, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.04.2011 09:53:37 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752570
Description =
 
Error - 24.04.2011 09:53:37 | Computer Name = NAME-4FA6E57B07 | Source = LiveUpdate | ID = 2752567
Description =
 
Error - 24.04.2011 10:33:19 | Computer Name = NAME-4FA6E57B07 | Source = MsiInstaller | ID = 11922
Description = Product: SPBBC -- Error 1922.Service Symantec SPBBCSvc (SPBBCSvc)
could not be deleted.  Verify that you have sufficient privileges to remove system
 services.
 
Error - 24.04.2011 10:34:48 | Computer Name = NAME-4FA6E57B07 | Source = MsiInstaller | ID = 11922
Description = Product: SPBBC -- Error 1922.Service Symantec SPBBCSvc (SPBBCSvc)
could not be deleted.  Verify that you have sufficient privileges to remove system
 services.
 
Error - 24.04.2011 11:43:08 | Computer Name = NAME-4FA6E57B07 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung 19849012.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 23.04.2011 07:56:33 | Computer Name = NAME-4FA6E57B07 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 23.04.2011 09:27:04 | Computer Name = NAME-4FA6E57B07 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SI3132
 
Error - 23.04.2011 09:27:08 | Computer Name = NAME-4FA6E57B07 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.04.2011 11:14:45 | Computer Name = NAME-4FA6E57B07 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht
 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware
 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere
 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene
 Transaktion durchzuführen.
 
Error - 24.04.2011 11:16:03 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ    :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 11:23:02 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ    :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 11:28:12 | Computer Name = NAME-4FA6E57B07 | Source = NetBT | ID = 4321
Description = Der Name "MSHEIMNETZ    :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.04.2011 12:17:53 | Computer Name = NAME-4FA6E57B07 | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
 "\Device\NetBT_Tcpip_{5AEFB258-B610-4F09-8DD2-E0D6F7C171D6}" zu oft fehl.  Der Sicherungssuchdienst
 wird beendet.
 
Error - 24.04.2011 12:23:54 | Computer Name = NAME-4FA6E57B07 | Source = PlugPlayManager | ID = 12
Description = Das Gerät "SONY DVD RW DW-G520A" (IDE\CdRomSONY_DVD_RW_DW-G520A____________________GFS2____\5&1fd6619f&0&0.0.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 24.04.2011 12:53:10 | Computer Name = NAME-4FA6E57B07 | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
 "\Device\NetBT_Tcpip_{5AEFB258-B610-4F09-8DD2-E0D6F7C171D6}" zu oft fehl.  Der Sicherungssuchdienst
 wird beendet.
 
 
< End of report >
habe jetzt mal noch malwarebytes drüber laufen lassen und unhide.exe ausgeführt. dateien sind wieder sichtbar und ich bekomme keine fehlermeldungen mehr.
kann mir bitte jemand helfen, wie ich jetzt weiter verfahren muss, oder bin ich den virus schon los. danke!

malwarebytes-log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6433
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
 
25.04.2011 00:19:28
mbam-log-2011-04-25 (00-19-28).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 267827
Laufzeit: 1 Stunde(n), 39 Minute(n), 19 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
 
Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\damlstwyywmb.exe (Trojan.FakeAlert) -> 3724 -> Unloaded process successfully.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dAmLSTWYyWMb (Trojan.FakeAlert) -> Value: dAmLSTWYyWMb -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\damlstwyywmb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\18472756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Chico\Desktop\ultrasurf.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.

cosinus 25.04.2011 15:05
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

john_woo 25.04.2011 17:35
hallo arne,

hier noch ein aktueller log von eben. davor hab ich keine:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6440

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

25.04.2011 18:24:44
mbam-log-2011-04-25 (18-24-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268529
Laufzeit: 3 Stunde(n), 31 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\WinRAR\Zip.SFX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
hab in einem anderen thread gelesen, dass zonealarm nicht gut wär, kann ich das also gleich wieder runterlöschen? reicht die windows-firewall alleine aus, oder benötigt man noch zusätzliche programme.


gruß - john

PS: sorry für den ersten strang, da hatte ich noch das problem, dass das updaten von malwarebytes nicht funktioniert hat, hat sich aber erledigt.

cosinus 25.04.2011 20:23
Behalt nur die Windows-Firewall, andere Software-Firewalls sind kontraproduktiv.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.16 16:05:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.07.15 20:57:36 | 000,544,768 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.07.12 00:46:10 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2004.10.22 11:35:40 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.12 15:28:08 | 000,000,076 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\Shell\AutoRun\command - "" = H:\WDSetup.exe
O33 - MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\Shell\AutoRun\command - "" = F:\Madden04.exe -- [2003.07.06 01:39:04 | 000,172,032 | R--- | M] ()
FF - prefs.js..network.proxy.http: "204.8.155.227"
FF - prefs.js..network.proxy.http_port: 3127
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

john_woo 25.04.2011 23:01
alles klar, hier der log:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRunGUI.dll scheduled to be moved on reboot.
File  not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3338d706-1b70-11de-bb2b-0013a90a57fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3338d706-1b70-11de-bb2b-0013a90a57fc}\ not found.
File G:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e88bb40-ab3f-11de-bcb1-0013a90a57fc}\ not found.
File H:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a264a37f-f5f4-11de-bd39-001302adddf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a264a37f-f5f4-11de-bd39-001302adddf7}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baf24a82-613a-11db-b693-806d6172696f}\ not found.
File move failed. F:\Madden04.exe scheduled to be moved on reboot.
Prefs.js: "204.8.155.227" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19652404 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19849012 moved successfully.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~* not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Chico
->Temp folder emptied: 349777317 bytes
->Temporary Internet Files folder emptied: 69885286 bytes
->Java cache emptied: 19070672 bytes
->FireFox cache emptied: 113654996 bytes
->Flash cache emptied: 532714 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 1130728 bytes
->Temporary Internet Files folder emptied: 58690 bytes
->Flash cache emptied: 348 bytes
 
User: NetworkService
->Temp folder emptied: 2130344 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4551933 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25995865 bytes
RecycleBin emptied: 5679 bytes
 
Total Files Cleaned = 560,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_234117

Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Madden04.exe scheduled to be moved on reboot.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!

Registry entries deleted on Reboot...

cosinus 26.04.2011 11:01
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

john_woo 26.04.2011 14:22
hier der log vom tdsskiller (kein fund angezeigt):
Code:
2011/04/26 12:48:48.0750 3848        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/26 12:48:48.0796 3848        ================================================================================
2011/04/26 12:48:48.0796 3848        SystemInfo:
2011/04/26 12:48:48.0796 3848       
2011/04/26 12:48:48.0796 3848        OS Version: 5.1.2600 ServicePack: 3.0
2011/04/26 12:48:48.0796 3848        Product type: Workstation
2011/04/26 12:48:48.0796 3848        ComputerName: NAME-4FA6E57B07
2011/04/26 12:48:48.0796 3848        UserName: Chico
2011/04/26 12:48:48.0796 3848        Windows directory: C:\WINDOWS
2011/04/26 12:48:48.0796 3848        System windows directory: C:\WINDOWS
2011/04/26 12:48:48.0796 3848        Processor architecture: Intel x86
2011/04/26 12:48:48.0796 3848        Number of processors: 2
2011/04/26 12:48:48.0796 3848        Page size: 0x1000
2011/04/26 12:48:48.0796 3848        Boot type: Normal boot
2011/04/26 12:48:48.0796 3848        ================================================================================
2011/04/26 12:48:49.0265 3848        Initialize success
2011/04/26 12:48:57.0750 0444        ================================================================================
2011/04/26 12:48:57.0750 0444        Scan started
2011/04/26 12:48:57.0750 0444        Mode: Manual;
2011/04/26 12:48:57.0750 0444        ================================================================================
2011/04/26 12:48:59.0046 0444        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/26 12:48:59.0078 0444        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/26 12:48:59.0156 0444        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/26 12:48:59.0218 0444        AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/26 12:48:59.0250 0444        Afc            (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/26 12:48:59.0312 0444        AFD            (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/26 12:48:59.0484 0444        ApfiltrService  (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/04/26 12:48:59.0515 0444        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/26 12:48:59.0640 0444        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/26 12:48:59.0656 0444        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/26 12:48:59.0734 0444        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/04/26 12:48:59.0921 0444        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/26 12:48:59.0968 0444        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/26 12:49:00.0062 0444        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/26 12:49:00.0109 0444        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/26 12:49:00.0140 0444        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/26 12:49:00.0203 0444        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/26 12:49:00.0265 0444        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/26 12:49:00.0312 0444        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/26 12:49:00.0500 0444        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/26 12:49:00.0546 0444        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/26 12:49:00.0578 0444        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/26 12:49:00.0640 0444        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/26 12:49:00.0687 0444        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/26 12:49:00.0828 0444        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/26 12:49:00.0906 0444        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/26 12:49:00.0968 0444        DMICall        (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/04/26 12:49:01.0078 0444        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/26 12:49:01.0140 0444        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/26 12:49:01.0281 0444        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/26 12:49:01.0359 0444        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/26 12:49:01.0390 0444        E100B          (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/26 12:49:01.0468 0444        e1express      (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/04/26 12:49:01.0593 0444        eeCtrl          (08035db1987412cced1d4201263776ed) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/26 12:49:01.0656 0444        EraserUtilRebootDrv (d5ea4a605147eeaaaa09fef41f007eb0) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/26 12:49:01.0828 0444        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/26 12:49:01.0875 0444        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/26 12:49:01.0906 0444        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/26 12:49:01.0921 0444        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/26 12:49:01.0984 0444        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/26 12:49:02.0046 0444        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/26 12:49:02.0078 0444        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/26 12:49:02.0109 0444        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/26 12:49:02.0156 0444        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/26 12:49:02.0203 0444        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/26 12:49:02.0296 0444        HSFHWAZL        (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/04/26 12:49:02.0437 0444        HSF_DPV        (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/04/26 12:49:02.0531 0444        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/26 12:49:02.0640 0444        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/26 12:49:02.0750 0444        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/26 12:49:02.0828 0444        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/26 12:49:02.0859 0444        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/26 12:49:02.0921 0444        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/26 12:49:02.0953 0444        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/26 12:49:03.0015 0444        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/26 12:49:03.0046 0444        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/26 12:49:03.0093 0444        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/26 12:49:03.0125 0444        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/26 12:49:03.0187 0444        ithsgt          (b7a5fadf67136fda7e8f25303565b674) C:\WINDOWS\system32\DRIVERS\ithsgt.sys
2011/04/26 12:49:03.0234 0444        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/26 12:49:03.0343 0444        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/26 12:49:03.0375 0444        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/26 12:49:03.0406 0444        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/26 12:49:03.0484 0444        lilsgt          (16767ea492b5d140e1de3679a65eae74) C:\WINDOWS\system32\DRIVERS\lilsgt.sys
2011/04/26 12:49:03.0531 0444        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/04/26 12:49:03.0640 0444        MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
2011/04/26 12:49:03.0703 0444        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/26 12:49:03.0937 0444        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/04/26 12:49:04.0031 0444        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/26 12:49:04.0156 0444        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/26 12:49:04.0187 0444        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/26 12:49:04.0250 0444        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/26 12:49:04.0281 0444        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/26 12:49:04.0312 0444        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/04/26 12:49:04.0359 0444        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/26 12:49:04.0421 0444        MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/26 12:49:04.0515 0444        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/26 12:49:04.0562 0444        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/26 12:49:04.0687 0444        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/26 12:49:04.0718 0444        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/26 12:49:04.0765 0444        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/26 12:49:04.0812 0444        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/26 12:49:04.0843 0444        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/26 12:49:04.0890 0444        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/26 12:49:04.0921 0444        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/26 12:49:04.0968 0444        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/26 12:49:05.0000 0444        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/26 12:49:05.0031 0444        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/26 12:49:05.0062 0444        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/26 12:49:05.0125 0444        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/26 12:49:05.0156 0444        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/26 12:49:05.0265 0444        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/26 12:49:05.0328 0444        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/26 12:49:05.0390 0444        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/04/26 12:49:05.0421 0444        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/26 12:49:05.0484 0444        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/26 12:49:05.0562 0444        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/26 12:49:05.0750 0444        nv              (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/26 12:49:06.0109 0444        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/26 12:49:06.0156 0444        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/26 12:49:06.0203 0444        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/26 12:49:06.0281 0444        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/26 12:49:06.0296 0444        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/26 12:49:06.0343 0444        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/26 12:49:06.0437 0444        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/26 12:49:06.0531 0444        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/26 12:49:06.0593 0444        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/26 12:49:06.0796 0444        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/26 12:49:06.0828 0444        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/26 12:49:06.0875 0444        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/26 12:49:06.0921 0444        PTV337          (02ad3fc36606771a38d78358c3d1ed01) C:\WINDOWS\system32\DRIVERS\PTV337.SYS
2011/04/26 12:49:07.0062 0444        PxHelp20        (f91d5cbfc43e61d80c347b2ea1ecc9e7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/26 12:49:07.0218 0444        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/26 12:49:07.0281 0444        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/26 12:49:07.0296 0444        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/26 12:49:07.0328 0444        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/26 12:49:07.0359 0444        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/26 12:49:07.0437 0444        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/26 12:49:07.0484 0444        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/26 12:49:07.0578 0444        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/26 12:49:07.0625 0444        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/26 12:49:07.0718 0444        s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/04/26 12:49:07.0859 0444        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/26 12:49:07.0984 0444        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/26 12:49:08.0046 0444        sfdrv01        (4354d1eea9b4b6e29d53151acde7980f) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/04/26 12:49:08.0109 0444        sfhlp02        (3ad2b15ccc03febfbaf5ff057822aa75) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/04/26 12:49:08.0140 0444        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/26 12:49:08.0171 0444        sfsync02        (d14d5c9c11998da690fa75460f4f1cf3) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/04/26 12:49:08.0203 0444        SI3132          (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2011/04/26 12:49:08.0234 0444        SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/04/26 12:49:08.0265 0444        SiRemFil        (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/04/26 12:49:08.0296 0444        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/26 12:49:08.0359 0444        SNC            (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/04/26 12:49:08.0421 0444        SonyImgF        (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2011/04/26 12:49:08.0468 0444        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/26 12:49:08.0703 0444        SPBBCDrv        (66554c1e84176d12797d141c45da2004) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/26 12:49:08.0781 0444        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/26 12:49:08.0828 0444        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/26 12:49:08.0937 0444        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/26 12:49:09.0062 0444        SSHDRV86        (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys
2011/04/26 12:49:09.0125 0444        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/26 12:49:09.0218 0444        STHDA          (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/26 12:49:09.0328 0444        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/26 12:49:09.0343 0444        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/26 12:49:09.0375 0444        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/26 12:49:09.0500 0444        SYMDNS          (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/04/26 12:49:09.0640 0444        SymEvent        (9e4188476848b2ef86f9c44d5164e724) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/04/26 12:49:09.0656 0444        SYMFW          (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/04/26 12:49:09.0687 0444        SYMIDS          (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/04/26 12:49:09.0812 0444        SYMIDSCO        (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
2011/04/26 12:49:09.0890 0444        symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/04/26 12:49:09.0921 0444        SYMNDIS        (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/04/26 12:49:09.0984 0444        SYMREDRV        (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/26 12:49:10.0203 0444        SYMTDI          (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/26 12:49:10.0296 0444        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/26 12:49:10.0359 0444        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/26 12:49:10.0421 0444        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/26 12:49:10.0453 0444        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/26 12:49:10.0484 0444        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/26 12:49:10.0546 0444        ti21sony        (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
2011/04/26 12:49:10.0609 0444        toshidpt        (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/04/26 12:49:10.0750 0444        tosporte        (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/04/26 12:49:10.0796 0444        Tosrfbd        (294675c8e4316302efe14b1a1219d942) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/04/26 12:49:10.0828 0444        Tosrfbnp        (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/04/26 12:49:10.0859 0444        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/04/26 12:49:10.0906 0444        Tosrfhid        (31b0145c289d2b3e3e9948345caa7b6f) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/04/26 12:49:10.0937 0444        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/04/26 12:49:10.0968 0444        TosRfSnd        (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/04/26 12:49:11.0031 0444        Tosrfusb        (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/04/26 12:49:11.0093 0444        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/26 12:49:11.0156 0444        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/26 12:49:11.0218 0444        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/26 12:49:11.0328 0444        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/26 12:49:11.0390 0444        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/26 12:49:11.0421 0444        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/26 12:49:11.0453 0444        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/26 12:49:11.0484 0444        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/26 12:49:11.0546 0444        usbvm321        (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
2011/04/26 12:49:11.0625 0444        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/26 12:49:11.0687 0444        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/26 12:49:11.0812 0444        w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/04/26 12:49:12.0093 0444        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/26 12:49:12.0140 0444        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/26 12:49:12.0234 0444        winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/26 12:49:12.0453 0444        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/26 12:49:12.0515 0444        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/26 12:49:12.0562 0444        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/26 12:49:12.0609 0444        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/26 12:49:12.0875 0444        ================================================================================
2011/04/26 12:49:12.0875 0444        Scan finished
2011/04/26 12:49:12.0875 0444        ================================================================================
hier der log vom anschließenden malwarebytes-scan:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

26.04.2011 15:09:58
mbam-log-2011-04-26 (15-09-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266052
Laufzeit: 1 Stunde(n), 1 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 26.04.2011 14:39
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

john_woo 26.04.2011 15:22
hier der combofix-log:

Code:
ComboFix 11-04-25.03 - Chico 26.04.2011  16:05:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.600 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Chico\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8557EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85586B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {855BA054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {856C4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {859ADDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85ADCB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {853A4914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8598A054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {8598D49C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85992DDC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {859A0054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {859A4DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85A98DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AA1DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AB3B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AB8704-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ABA6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ABE704-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85AC549C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {85ACC93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84EB5234-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8506580C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8508D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8508FB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {850BEB8C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85103054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851316EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85158464-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A0704-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851A6054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851AD93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851B070C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851C4B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D0DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D16EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D2DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D493C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D56BC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851D5B44-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851DC054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851DEA0C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E6B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E86C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851E8B9C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851EBB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851FB93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {851FEB94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85215B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8522E054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8522F054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523093C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85230B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {852336C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85235054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85237DDC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523B6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8523E6EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85240DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85245DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85261DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530193C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85302474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85307B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530CDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8530D6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531198C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531493C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853176FC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8531E944-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8532C6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85339474-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533A054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8533F49C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85345B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85352054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535393C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8535A6C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85363054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85365054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536C974-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8536CDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85373054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85374054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8537493C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85374B94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8537BB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538393C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538794C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85387B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538FB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8538FDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85390054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85394B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85394B94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853957A4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853A5DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B0B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B5914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853B7054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853C1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853C5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853CC924-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853D2B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {853F36F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8540A6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8540E6EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85412674-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85416714-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854229C4-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85423B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85424DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8542B93C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8542D93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85430DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85433DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543593C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85436DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85437DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543ABBC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543D6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8543E6EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85440B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85441624-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85442474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85442DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85448474-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854486EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85449DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8544EB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85452DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85454B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85459B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546193C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85463B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85465054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85466054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546A49C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546E93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8546F61C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85470054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854706EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854736EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854746EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547493C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85475B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85479DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547A47C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8547DDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85480DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85481914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85482054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85482B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85484054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85485B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85486054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85489054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548949C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85489B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548EB8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8548FD14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85490054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549049C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85492054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85497BB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85498054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85498DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549993C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8549F49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854A5054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854A549C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854AC4DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854AFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B2DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B4DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B66C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854B9B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854BB6BC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854BE49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C0054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C0DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C16EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C18EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C4B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C6054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854C86EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854CF9BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D06EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D0954-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D56EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D6C0C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D849C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854D8B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E26FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E3B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E4914-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E7054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E7A1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854E9054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ECB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ECDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854ED054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EE94C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EFB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854EFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F0704-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F27A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F3DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F4B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F591C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F5DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F6B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {854F795C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85506B94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85509914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550ADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550C974-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8550EB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85515DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551693C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85517B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85519A24-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8551AB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553093C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85534DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553C5F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8553D6FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85547B5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85547B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554A93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554B6DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554EB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8554F694-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85551DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8555293C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85553B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85558B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85559DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85561054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85561DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85567DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85568B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85569054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855706EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85575054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557764C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557F6C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8557F7D4-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855806EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558093C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558093C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855829EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85583B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85583DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85584DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855858EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85585DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855876EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558990C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85589B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C5AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558C97C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558D93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558DB8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558E92C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8558FDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85590B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855936F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85596054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855964BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559693C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85599914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85599DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559BB8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559CDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8559FB8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A0DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A293C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A449C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855A96CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AA93C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855ACDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AD054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AD914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855AF054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B06EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B0B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B2054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B398C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B3B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B5054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B5B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B66EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B6B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B76EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855B9B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BAB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BADDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855BF944-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C0AA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C249C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C270C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C649C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855C66C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA6DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CA93C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CB49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CD6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CF93C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855CFB5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D1B94-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D65E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D6914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855D7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DC6BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DC914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DDBAC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DDDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855DEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855E8DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855EF054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F1B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F38EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F3DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F66C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855F993C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FB95C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {855FEA6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85602DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856069C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85609DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8560BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85614884-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85615DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8561668C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85621DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85625B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8562A704-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856366EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8563A054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8563E6EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85646054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85647054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85649B8C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8565669C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85662DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856696C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85669914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8566B054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85671BBC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85695BAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8569E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856A8DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {856C649C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8570693C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8575F6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8580449C-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8581A054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85830DDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {858566EC-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8593F054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8595A054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8595C944-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8596F054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597893C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597AB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8597F054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85981B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85993B64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {859A06EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A2B054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A336EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A39B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85A76054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85ABB914-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85AD3B94-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B3DDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B58054-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B596EC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B65B8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B7BB8C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B8EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85B94054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85BABDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85CB4B8C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85CBD054-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8601BB64-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8650C95C-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8651B054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8654AB9C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86556DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8659F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865A1894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865B195C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865B693C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865C293C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {865C7914-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-0100-0D24-347CA8A3377C}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Chico\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Chico\WINDOWS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-26 bis 2011-04-26  ))))))))))))))))))))))))))))))
.
.
2011-04-26 13:52 . 2011-04-26 13:53        --------        d-----w-        c:\programme\CCleaner
2011-04-26 10:46 . 2011-04-26 10:46        --------        d-----w-        c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Help
2011-04-25 21:55 . 2011-04-25 21:55        --------        d-----w-        c:\windows\Internet Logs
2011-04-25 21:41 . 2011-04-25 21:41        --------        d-----w-        C:\_OTL
2011-04-24 16:53 . 2011-04-24 16:53        --------        d-----w-        c:\dokumente und einstellungen\Chico\Anwendungsdaten\Malwarebytes
2011-04-24 16:53 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-24 16:53 . 2011-04-24 16:53        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-24 16:53 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-24 16:53 . 2011-04-24 16:53        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-04-24 14:06 . 2011-04-24 14:06        --------        d-----w-        c:\dokumente und einstellungen\Chico\Anwendungsdaten\CheckPoint
2011-04-24 14:05 . 2011-04-24 14:05        --------        d-----w-        c:\programme\CheckPoint
2011-04-24 14:05 . 2010-06-28 11:00        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2011-04-12 15:53 . 2011-04-12 15:53        --------        d-----w-        c:\windows\system32\XPSViewer
2011-04-12 15:52 . 2011-04-12 15:52        --------        d-----w-        c:\programme\MSBuild
2011-04-12 15:52 . 2011-04-12 15:52        --------        d-----w-        c:\programme\Reference Assemblies
2011-04-12 15:52 . 2008-07-06 12:06        89088        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-12 15:51 . 2008-07-06 12:06        89088        -c----w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-12 15:51 . 2008-07-06 12:06        575488        -c----w-        c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-12 15:51 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\xpsshhdr.dll
2011-04-12 15:51 . 2008-07-06 12:06        117760        ------w-        c:\windows\system32\prntvpt.dll
2011-04-12 15:51 . 2008-07-06 10:50        597504        -c----w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-12 15:51 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-12 15:51 . 2008-07-06 12:06        1676288        -c----w-        c:\windows\system32\dllcache\xpssvcs.dll
2011-04-12 15:51 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\xpssvcs.dll
2011-04-11 13:03 . 2011-04-11 13:03        --------        d-----w-        c:\dokumente und einstellungen\Chico\Anwendungsdaten\Greenshot
2011-04-11 13:03 . 2011-04-11 13:03        --------        d-----w-        c:\programme\Greenshot
2011-04-11 12:54 . 2011-04-11 12:54        --------        d-----w-        c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2011-04-11 12:54 . 2011-04-11 12:54        --------        d-----w-        c:\programme\Conduit
2011-04-11 12:54 . 2011-04-25 22:19        --------        d-----w-        c:\dokumente und einstellungen\Chico\Lokale Einstellungen\Anwendungsdaten\Winload
2011-04-11 12:54 . 2011-04-11 12:57        --------        d-----w-        c:\programme\Winload
2011-04-01 18:21 . 2011-04-13 17:36        --------        d-----w-        c:\programme\EA SPORTS
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 14:50 . 2009-11-05 19:19        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2006-03-16 14:03        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2006-03-16 05:47        434176        ----a-w-        c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-16 05:47        1858048        ----a-w-        c:\windows\system32\win32k.sys
2011-02-17 18:56 . 2006-03-16 05:47        832512        ----a-w-        c:\windows\system32\wininet.dll
2011-02-17 18:56 . 2006-03-16 05:47        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-17 18:56 . 2006-03-16 05:47        78336        ----a-w-        c:\windows\system32\ieencode.dll
2011-02-17 18:56 . 2006-03-16 05:46        17408        ----a-w-        c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-03-16 05:47        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-16 05:47        357888        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-03-16 05:47        389120        ----a-w-        c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-03-16 05:46        290432        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-08 13:33 . 2006-03-16 05:47        978944        ----a-w-        c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-16 05:47        974848        ----a-w-        c:\windows\system32\mfc42u.dll
2011-02-04 16:48 . 2006-03-16 05:47        456192        ----a-w-        c:\windows\system32\encdec.dll
2011-02-04 16:48 . 2006-03-16 05:47        291840        ----a-w-        c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2006-03-16 14:00        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-03-16 14:00        677888        ----a-w-        c:\windows\system32\mstsc.exe
2008-08-29 18:17 . 2008-08-29 18:17        25842760        ----a-w-        c:\programme\wmp11-windowsxp-x86-DE-DE.exe
2008-08-28 18:31 . 2008-08-28 18:31        9960408        ----a-w-        c:\programme\Videoload_Manager_Setup_1.0.1514.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45        2355224        ----a-w-        c:\programme\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22        1172792        ----a-w-        c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 68856]
"Greenshot"="c:\programme\Greenshot\Greenshot.exe" [2010-07-12 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 217088]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-02-22 52840]
"URLLSTCK.exe"="c:\programme\Norton Internet Security\UrlLstCk.exe" [2007-02-01 23168]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 169472]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
"VAIO Update 4"="c:\programme\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-11 417792]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42        73728        ----a-w-        c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.dll"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbamext.dll"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Malwarebytes\\Malwarebytes' Anti-Malware\\rules.ref"=
"c:\\WINDOWS\\system32\\drivers\\mbam.sys"=
"c:\\WINDOWS\\system32\\drivers\\mbamswissarmy.sys"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [04.01.2008 22:09 81408]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.11.2009 21:19 135336]
R2 ContentMgrService;Content Management Service;c:\programme\Videoload Manager\ContentManager.exe [12.03.2008 18:26 508928]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [16.08.2008 19:27 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01.12.2006 15:29 102712]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [16.03.2006 07:48 226304]
S3 DMSKSSRh;DMSKSSRh;\??\c:\dokume~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys --> c:\dokume~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys [?]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [16.08.2008 19:27 17280]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 PTV337;Mini DigitalTV USB;c:\windows\system32\drivers\PTV337.SYS [30.10.2006 13:26 184064]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [16.03.2006 07:48 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Übertragen mit Image Converter 2 Plus - c:\programme\Sony\Image Converter 2\menu.htm
Trusted Zone: bk-giulini.com\owa
Trusted Zone: bk-giulini.com\www.owa
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\dokumente und einstellungen\Chico\Anwendungsdaten\Mozilla\Firefox\Profiles\pm4zzg9q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ISUSPM Startup - c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe
Notify-WgaLogon - (no file)
AddRemove-conduitEngine - c:\programme\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Zuma Deluxe_is1 - c:\programme\Zuma Deluxe\ReflexiveArcade\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-26 16:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1618721415-3483923378-2945908914-1008\Software\SecuROM\License information*]
"datasecu"=hex:31,48,b7,53,6d,10,39,af,af,21,e1,9a,a4,b5,13,3e,a7,a4,61,14,b3,
  b1,1f,33,da,cc,ef,69,8e,07,eb,b5,25,64,05,f1,80,8c,d3,67,ae,e4,90,c1,ec,2b,\
"rkeysecu"=hex:85,7d,1f,0a,83,58,4b,8a,36,e7,ec,05,ed,87,f2,79
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2011-04-26  16:13:29
ComboFix-quarantined-files.txt  2011-04-26 14:13
.
Vor Suchlauf: 7.391.621.120 Bytes frei
Nach Suchlauf: 7.430.877.184 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E6A1CE1F8284F519F51EB748514E428D

cosinus 26.04.2011 17:30
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

john_woo 26.04.2011 19:30
hier der GMER-log:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-26 20:06:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HTS541010G9SA00 rev.MBZOC65D
Running: m58jm2f3.exe; Driver: C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys


---- System - GMER 1.0.15 ----

SSDT            86DC6748                                        ZwAlertResumeThread
SSDT            87080690                                        ZwAlertThread
SSDT            86E64218                                        ZwAllocateVirtualMemory
SSDT            86EA81E0                                        ZwConnectPort
SSDT            F7BA41CE                                        ZwCreateKey
SSDT            86DF87C8                                        ZwCreateMutant
SSDT            F7BA41C4                                        ZwCreateThread
SSDT            F7BA41D3                                        ZwDeleteKey
SSDT            F7BA41DD                                        ZwDeleteValueKey
SSDT            86DD3868                                        ZwFreeVirtualMemory
SSDT            86E3C228                                        ZwImpersonateAnonymousToken
SSDT            86C24180                                        ZwImpersonateThread
SSDT            F7BA41E2                                        ZwLoadKey
SSDT            86E041A8                                        ZwMapViewOfSection
SSDT            87084DF0                                        ZwOpenEvent
SSDT            F7BA41B0                                        ZwOpenProcess
SSDT            86E78520                                        ZwOpenProcessToken
SSDT            F7BA41B5                                        ZwOpenThread
SSDT            86E11CB8                                        ZwOpenThreadToken
SSDT            F7BA41EC                                        ZwReplaceKey
SSDT            F7BA41E7                                        ZwRestoreKey
SSDT            86FAA1D0                                        ZwResumeThread
SSDT            86E72208                                        ZwSetContextThread
SSDT            863F5840                                        ZwSetInformationProcess
SSDT            86E1AE78                                        ZwSetInformationThread
SSDT            F7BA41D8                                        ZwSetValueKey
SSDT            87087208                                        ZwSuspendProcess
SSDT            8707E280                                        ZwSuspendThread
SSDT            86EF30C8                                        ZwTerminateProcess
SSDT            8707F4A0                                        ZwTerminateThread
SSDT            86DDF430                                        ZwUnmapViewOfSection
SSDT            86FE9B70                                        ZwWriteVirtualMemory

Code            \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys        section is writeable [0xF61A0360, 0x21E0FD, 0xE8000020]
.text          C:\WINDOWS\system32\drivers\SSHDRV86.sys        section is writeable [0xF3AEE000, 0x26354, 0xE8000020]
.pklstb        C:\WINDOWS\system32\drivers\SSHDRV86.sys        entry point in ".pklstb" section [0xF3B23000]
.relo2          C:\WINDOWS\system32\drivers\SSHDRV86.sys        unknown last section [0xF3B3A000, 0x8E, 0x42000040]
.text          C:\WINDOWS\system32\DRIVERS\atksgt.sys          section is writeable [0xB95D3300, 0x3B6D8, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\ithsgt.sys          section is writeable [0xB9542300, 0x21770, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\lirsgt.sys          section is writeable [0xF3498300, 0x1BEE, 0xE8000020]
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS      Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                          SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\ti21sony \Device\000000a2                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\Tcpip \Device\Udp                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\ti21sony \Device\TIFMxx21DE-0            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \FileSystem\Fastfat \Fat                        SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
OSAM-log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:20:05 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"ufddqaow" (ufddqaow) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Greenshot" - ? - C:\Programme\Greenshot\Greenshot.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCheck-log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 154):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E6000 \WINDOWS\system32\hal.dll
  0xF7A92000 \WINDOWS\system32\KDCOM.DLL
  0xF79A2000 \WINDOWS\system32\BOOTVID.dll
  0xF7462000 ACPI.sys
  0xF7A94000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7451000 pci.sys
  0xF7592000 isapnp.sys
  0xF75A2000 ohci1394.sys
  0xF75B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF79A6000 compbatt.sys
  0xF79AA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7B5A000 pciide.sys
  0xF7812000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7433000 pcmcia.sys
  0xF75C2000 MountMgr.sys
  0xF7414000 ftdisk.sys
  0xF79AE000 ACPIEC.sys
  0xF7B5B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF781A000 PartMgr.sys
  0xF7822000 sfsync02.sys
  0xF75D2000 VolSnap.sys
  0xF73FC000 atapi.sys
  0xF73EB000 SI3132.sys
  0xF73D3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF75E2000 disk.sys
  0xF75F2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF73B3000 fltmgr.sys
  0xF73A1000 sr.sys
  0xF782A000 PxHelp20.sys
  0xF79B2000 SiWinAcc.sys
  0xF738A000 KSecDD.sys
  0xF7377000 WudfPf.sys
  0xF72EA000 Ntfs.sys
  0xF72BD000 NDIS.sys
  0xF7A96000 SiRemFil.sys
  0xF7832000 sfhlp02.sys
  0xF7602000 sfdrv01.sys
  0xF72A3000 Mup.sys
  0xF7632000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7A72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF61A0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF618C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF6164000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6007000 \SystemRoot\system32\DRIVERS\w39n51.sys
  0xF7932000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF5FE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF793A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF5FA6000 \SystemRoot\system32\drivers\ti21sony.sys
  0xF5F7E000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xF7942000 \SystemRoot\System32\Drivers\SonyNC.sys
  0xF7642000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF794A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF5F64000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0xF7952000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7652000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF795A000 \SystemRoot\system32\drivers\Afc.sys
  0xF7662000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7672000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF5F41000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7682000 \SystemRoot\System32\Drivers\tosrfcom.sys
  0xF7CA8000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7692000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7A8E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF5F2A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF76A2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF76B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7962000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF5F19000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76C2000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF796A000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7972000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF5EE9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF76D2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7ABA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF5E63000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7267000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76E2000 \SystemRoot\system32\DRIVERS\tosporte.sys
  0xF76F2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF3D36000 \SystemRoot\system32\drivers\sthda.sys
  0xF3D12000 \SystemRoot\system32\drivers\portcls.sys
  0xF7702000 \SystemRoot\system32\drivers\drmk.sys
  0xF3CE0000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xF3BEC000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xF3B3B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF7982000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7712000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7AC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF3AED000 \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys
  0xF7A3E000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF7732000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF786A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7AD4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7C78000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7AD6000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7872000 \SystemRoot\System32\drivers\vga.sys
  0xF7AD8000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7ADA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF787A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7882000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7A4E000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3ABA000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF3A61000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF3A3B000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF3A02000 \SystemRoot\System32\Drivers\SYMTDI.SYS
  0xF39B5000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
  0xF7742000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF398D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF396B000 \SystemRoot\System32\drivers\afd.sys
  0xF7752000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF788A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF3909000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
  0xF7A62000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF38DE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF386E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7762000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF376C000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
  0xF374F000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0xF7BA3000 \SystemRoot\system32\DRIVERS\DMICall.sys
  0xF3729000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7AE0000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF77D2000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF36E9000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7AF4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF651E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF78CA000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7C03000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF3DA000 \SystemRoot\System32\ATMFD.DLL
  0xBA4D3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xF3570000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xBA4A7000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xBA483000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB9706000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB95D3000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xB956A000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB9542000 \SystemRoot\system32\DRIVERS\ithsgt.sys
  0xB962E000 \SystemRoot\system32\DRIVERS\lilsgt.sys
  0xF3498000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xB9626000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB93FA000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB9686000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0xF3488000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
  0xB90C5000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB934A000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB86FA000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
  0xF7B1A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xF78C2000 \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys
  0xB5183000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB473B000 \??\C:\DOKUME~1\Chico\LOKALE~1\Temp\ufddqaow.sys
  0xB3EE3000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
      0 System Idle Process
      4 System
    832 C:\WINDOWS\system32\smss.exe
    896 csrss.exe
    920 C:\WINDOWS\system32\winlogon.exe
    964 C:\WINDOWS\system32\services.exe
    976 C:\WINDOWS\system32\lsass.exe
    1160 C:\WINDOWS\system32\svchost.exe
    1228 svchost.exe
    1268 C:\WINDOWS\system32\svchost.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1360 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1392 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1528 svchost.exe
    1584 svchost.exe
    1856 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE
    1940 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE
    196 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPROXY.EXE
    244 C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    296 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    660 C:\WINDOWS\system32\spoolsv.exe
    712 C:\Programme\Avira\AntiVir Desktop\sched.exe
    740 svchost.exe
    880 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1100 C:\Programme\Videoload Manager\ContentManager.exe
    1188 C:\WINDOWS\ehome\ehSched.exe
    1436 C:\Programme\Java\jre6\bin\jqs.exe
    1544 C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    1704 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1752 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    1768 C:\WINDOWS\system32\nvsvc32.exe
    1788 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    1884 svchost.exe
    1912 C:\WINDOWS\system32\svchost.exe
    2032 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
    2128 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    2220 mcrdsvc.exe
    2496 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    2564 C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    2968 alg.exe
    3608 C:\Programme\Apoint\Apoint.exe
    3632 C:\WINDOWS\ehome\ehtray.exe
    3640 C:\WINDOWS\system32\svchost.exe
    3648 C:\WINDOWS\system32\ico.exe
    3812 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
    3856 C:\Programme\Sony\ISB Utility\ISBMgr.exe
    3908 C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE
    3944 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    136 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    200 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    580 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
    1184 C:\WINDOWS\system32\ctfmon.exe
    1816 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1848 C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    2908 C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
    3696 C:\WINDOWS\explorer.exe
    2640 C:\Programme\Mozilla Firefox\firefox.exe
    432 C:\Dokumente und Einstellungen\Chico\Desktop\Virus-Bekämpfung\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`63719c00  (NTFS)

PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZOC65D

      Size  Device Name          MBR Status
  --------------------------------------------
    93 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

cosinus 26.04.2011 19:37
Zitat:
"DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys (File not found)
Bitte mit OSAM deaktivieren und löschen

john_woo 26.04.2011 20:09
hier der log nach dem 1. reboot:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:55:26 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
(Disabled) "DMSKSSRh" (DMSKSSRh) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\DMSKSSRh.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Greenshot" - ? - C:\Programme\Greenshot\Greenshot.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
hier nach dem 2. reboot:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:07:31 on 26.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Chico\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Mini DigitalTV USB" (PTV337) - ? - C:\WINDOWS\System32\DRIVERS\PTV337.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony Image Conversion Filter Driver" (SonyImgF) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\SonyImgF.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
"SYMIDSCO" (SYMIDSCO) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20110312.001\symidsco.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{C6643EC0-49AC-4c15-A455-04104DB900A9} "Image Converter context menu" - " " - C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as01.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ICQ Toolbar" - ? - C:\PROGRA~1\ICQTOO~1\4118\toolbaru.dll  (File not found)
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - ? - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll  (File not found)
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} "CNisExtBho Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWinl.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Chico\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Google Desktop Search" - ? - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup  (File found, but it contains no detailed information)
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMgr.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"URLLSTCK.exe" - "Symantec Corporation" - C:\Programme\Norton Internet Security\UrlLstCk.exe
"VAIO Update 4" - "Sony Corporation" - "C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe"  /Stationary
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Programme\Norton Internet Security\comHost.exe
"Content Management Service" (ContentMgrService) - "ACE GmbH" - C:\Programme\Videoload Manager\ContentManager.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Image Converter video recording monitor for VAIO Entertainment" (Image Converter video recording monitor for VAIO Entertainment) - "Sony Corporation" - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"MSSQL$VAIO_VEDB" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"Norton Protection Center Service" (NSCService) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
"SQLAgent$VAIO_VEDB" (SQLAgent$VAIO_VEDB) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
"Symantec Core LC" (Symantec Core LC) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"Symantec Internet Security Password Validation" (ccISPwdSvc) - "Symantec Corporation" - C:\Programme\Norton Internet Security\ccPwdSvc.exe
"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
"Symantec Network Proxy" (ccProxy) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"VAIO Cooporated Initialisation" (VCI) - "Sony Corporation" - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 27.04.2011 09:39
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:54 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131