| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.FakeAV!gen24Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.03.2010, 17:39
| #1 |
| |  Trojan.FakeAV!gen24 hallo zusammen, habe seid einigen Tagen durch mein Norton Antivirus2010 folgene Angriffmeldung: Trojan.FakeAV!gen24 c:\windows\system32\sshanas21.dll c:\users\***\appdata\local\temp\mxl.exe Laut Norton wurde die Dateien immer gelöscht, aber die Meldungen wiederholen sich öfter und auch in immer mehr werdenden Dateien unter anderen in Registrieungseinträgen, Prozessen und Browser-Cache. Habe mir die von euch empfohlenen Programm runter geladen und sie durchgeführt. Ich hoffe ihr könnt mir helfen und mir sagen ob der Virus wirklich entfernt wurde oder ob ich noch was machen muss. Habe von meinem System keine CD erstellt. Vielen Dank für eure Hilfe !!! Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3858 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 12.03.2010 14:34:15 mbam-log-2010-03-12 (14-34-15).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 114473 Laufzeit: 14 minute(s), 52 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ________________________________________________________ Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3858 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 12.03.2010 17:21:34 mbam-log-2010-03-12 (17-21-34).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 332268 Laufzeit: 2 hour(s), 45 minute(s), 58 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ___________________________________________________________ Bei CCleaner wurden alle Probleme etc behoben und ist alles ok. ___________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:34:56, on 12.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\sony\ISB Utility\ISBMgr.exe C:\Program Files\sony\Marketing Tools\MarketingTools.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\wuauclt.exe C:\Users\****\Downloads\HiJackThis.exe C:\Program Files\sony\Network Utility\LANUtil.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1ca9dd52042a43e) (gupdate1ca9dd52042a43e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13878 bytes |
|
13.03.2010, 15:24
| #3 |
| | Trojan.FakeAV!gen24 Logfile of random's system information tool 1.06 (written by random/random)
__________________Run by Violetta at 2010-03-13 15:13:12 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 95 GB (32%) free of 294 GB Total RAM: 3068 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:16:02, on 13.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\sony\ISB Utility\ISBMgr.exe C:\Program Files\sony\Marketing Tools\MarketingTools.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\mobsync.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\wuauclt.exe C:\Users\Violetta\Downloads\RSIT.exe C:\Program Files\trend micro\Violetta.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1ca9dd52042a43e) (gupdate1ca9dd52042a43e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14255 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-25 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-11 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-25 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-25 259696] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-16 6266880] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-19 1348904] "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-12-22 38840] ""= [] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-12-21 640440] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-11 30192] "ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-04-03 317280] "MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2008-12-28 24576] "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "Skytel"=C:\Windows\Skytel.exe [2008-09-16 1826816] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-11-05 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-11-05 92704] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-28 39408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon] C:\Windows\system32\VESWinlogon.dll [2008-11-05 98304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d0e9b38-6ef6-11de-a29d-001dba06fcb5}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b9a606-70ad-11de-b4a6-001dba06fcb5}] shell\AutoRun\command - G:\Menu.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22aa13dd-a51c-11de-825f-001dba06fcb5}] shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d564df6-9631-11de-84e4-001dba06fcb5}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d564e00-9631-11de-84e4-001dba06fcb5}] shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a92dcb83-6d4f-11de-b542-001dba06fcb5}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a92dcb8e-6d4f-11de-b542-001dba06fcb5}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a92dcb90-6d4f-11de-b542-001dba06fcb5}] shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0cb12a8-b376-11de-bb6a-00214fbd7bb7}] shell\AutoRun\command - I:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-03-13 15:13:12 ----D---- C:\rsit 2010-03-13 15:13:12 ----D---- C:\Program Files\trend micro 2010-03-12 15:48:14 ----D---- C:\Program Files\CCleaner 2010-03-12 14:14:36 ----D---- C:\Users\Violetta\AppData\Roaming\Malwarebytes 2010-03-12 14:14:26 ----D---- C:\ProgramData\Malwarebytes 2010-03-12 14:14:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-07 17:19:43 ----D---- C:\Users\Violetta\AppData\Roaming\Skype 2010-03-07 17:19:17 ----D---- C:\Program Files\Common Files\Skype 2010-03-07 17:19:16 ----RD---- C:\Program Files\Skype 2010-03-06 21:50:48 ----D---- C:\Program Files\Wide Angle Software 2010-03-06 20:45:03 ----D---- C:\Program Files\WindSolutions 2010-03-06 20:44:58 ----D---- C:\Users\Violetta\AppData\Roaming\WindSolutions 2010-03-06 20:44:58 ----D---- C:\ProgramData\WindSolutions 2010-03-06 20:15:49 ----D---- C:\ProgramData\WindowsSearch 2010-03-06 20:12:30 ----D---- C:\Program Files\iPod 2010-03-06 20:12:25 ----D---- C:\Program Files\iTunes 2010-02-23 21:29:08 ----D---- C:\Program Files\QuickTime 2010-02-22 17:40:35 ----RA---- C:\Windows\system32\AdobePDFUI.dll ======List of files/folders modified in the last 1 months====== 2010-03-13 15:16:01 ----D---- C:\Windows\Prefetch 2010-03-13 15:14:38 ----D---- C:\Windows\Temp 2010-03-13 15:13:12 ----RD---- C:\Program Files 2010-03-13 15:06:47 ----D---- C:\Windows 2010-03-12 18:55:12 ----SHD---- C:\System Volume Information 2010-03-12 17:24:57 ----D---- C:\Windows\Debug 2010-03-12 14:17:00 ----D---- C:\Windows\System32 2010-03-12 14:14:29 ----D---- C:\Windows\system32\drivers 2010-03-12 14:14:26 ----HD---- C:\ProgramData 2010-03-11 18:45:50 ----D---- C:\Program Files\EA GAMES 2010-03-11 14:25:36 ----D---- C:\Windows\system32\catroot 2010-03-11 14:25:31 ----D---- C:\Windows\winsxs 2010-03-11 14:24:44 ----D---- C:\Windows\system32\catroot2 2010-03-09 14:26:41 ----SHD---- C:\Windows\Installer 2010-03-08 21:29:35 ----D---- C:\Program Files\Safari 2010-03-08 00:01:26 ----D---- C:\Users\Violetta\AppData\Roaming\skypePM 2010-03-07 17:19:34 ----D---- C:\Windows\system32\Tasks 2010-03-07 17:19:17 ----D---- C:\Program Files\Common Files 2010-03-07 17:19:15 ----D---- C:\ProgramData\Skype 2010-03-06 22:30:52 ----D---- C:\Windows\Tasks 2010-03-06 20:12:29 ----D---- C:\Program Files\Common Files\Apple 2010-03-06 19:53:37 ----D---- C:\Windows\inf 2010-03-06 19:53:37 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-01 19:21:14 ----D---- C:\ProgramData\Roxio 2010-02-22 17:38:15 ----D---- C:\Program Files\Mozilla Firefox ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2009-08-22 259632] R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-02-04 482432] R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-08-22 10216] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvix86.sys [2009-10-28 343088] R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2009-08-22 308272] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2009-08-22 43696] R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648] R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2009-08-22 217136] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-17 271360] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-17 18048] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-07-04 12672] R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-10-23 68608] R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-10-23 46592] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-07-04 8704] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-07-04 985600] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-07-04 209408] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-16 2152088] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\NAVENG.SYS [2010-02-03 84912] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\NAVEX15.SYS [2010-02-03 1324720] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-05 7585920] R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-11 124976] R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2009-08-22 89904] R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [2009-08-22 48688] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-19 201264] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-07-04 661504] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-06-07 299008] S3 a2mxcvl0;a2mxcvl0; C:\Windows\system32\drivers\a2mxcvl0.sys [] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-05 919552] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-11-05 84008] S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-11-05 109096] S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-11-05 29736] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-11-05 18344] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMDNS.SYS [] S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS [] S3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-10-02 50576] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-06-07 131000] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-10-14 555560] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768] R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640] R2 NSUService;NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [2008-12-04 303104] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-05 196608] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 uCamMonitor;CamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] R2 VAIO Event Service;VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [2008-11-05 203624] R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-10-17 415584] R2 VCFw;VAIO Content Folder Watcher; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-11 446464] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-10-01 369952] R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336] R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-09-08 192512] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-07-04 386560] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-09-08 279848] S2 gupdate1ca9dd52042a43e;Google Update Service (gupdate1ca9dd52042a43e); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25 133104] S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-18 651720] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-11 30192] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-25 182768] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2008-05-20 53248] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2008-05-20 53248] S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712] S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568] S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2008-05-20 77824] S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-09-08 73728] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-09-19 83232] -----------------EOF----------------- |
|
13.03.2010, 15:24
| #4 |
| | Trojan.FakeAV!gen24 info.txt logfile of random's system information tool 1.06 2010-03-13 15:16:06 ======Uninstall list====== -->"C:\Program Files\InstallShield Installation Information\{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}\setup.exe" -runfromtemp -l0x0007 -removeonly -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0007 -removeonly -->C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe -runfromtemp -l0x0007 -removeonly -->C:\Program Files\InstallShield Installation Information\{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}\setup.exe -runfromtemp -l0x0007 -removeonly -->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0007 -removeonly -->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0007 -removeonly Adobe Acrobat 9 Standard - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004} Adobe Acrobat 9 Standard - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004} Adobe Acrobat 9.3.1 - CPSID_50570-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250} Anno 1701-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x7 -removeonly Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft Magic-i Visual Effects 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BB90344-0647-468E-925A-7F69F7983421}\Setup.exe" -l0x7 ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x7 -uninst ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9973498D-EA29-4A68-BE0B-C88D6E03E928}\Setup.exe" -l0x7 Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x7 -removeonly Big Fish Games Spiel-Suite-->"C:\Program Files\Big Fish Games Spiel-Suite\Uninstall.exe" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\Setup.exe -runfromtemp -l0x0007 -removeonly CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Click to Disc Editor-->C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x0407 Click to Disc-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0007 -removeonly Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Die Sims 2: Family Fun - Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Family Fun - Accessoires\EAUninstall.exe Die Sims 2: Nightlife-->C:\Program Files\EA GAMES\Die Sims 2 Nightlife\EAUninstall.exe Die Sims 2: Open For Business-->C:\Program Files\EA GAMES\Die Sims 2 Open For Business\EAUninstall.exe Die Sims 2: Wilde Campus-Jahre-->C:\Program Files\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe Die Sims 2-->C:\Program Files\EA GAMES\Die Sims 2\EAUninstall.exe Die Sims™ 2 Haustiere-->C:\Program Files\EA GAMES\Die Sims 2 Haustiere\EAUninstall.exe Die Sims™ 2 IKEA® Home-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 IKEA® Home-Accessoires\EAUninstall.exe Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Küchen- und Bad-Einrichtungs-Accessoires\EAUninstall.exe Die Sims™ 2 Party-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Party-Accessoires\EAUninstall.exe Die Sims™ 2 Vier Jahreszeiten-->C:\Program Files\EA GAMES\Die Sims 2 Vier Jahreszeiten\EAUninstall.exe DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN dm Fotowelt-->"C:\Program Files\dm\dm Fotowelt\uninstall.exe" Dolby Control Center-->MsiExec.exe /I{D035FBF6-FDEF-487D-89CA-6F9DD07B783F} Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700\UIU32m.EXE -U -ISnSZIRXz.inf HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel PROSet Wireless-->Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software-->MsiExec.exe /I{72EEB695-388B-4835-8EA6-0C04545B06B9} iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Me&My VAIO-->"C:\Program Files\InstallShield Installation Information\{76D7CCD6-8369-405C-B494-5F34FAE67249}\setup.exe" -runfromtemp -l0x0007 -removeonly Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{62F7DA7E-CCCB-439C-A760-00C3926E761F} Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0007 -removeonly MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723} Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.8.0.41\InstStub.exe /X Nur Deinstallierung der CopyTrans Suite möglich.-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OpenMG Secure Module 5.1.00-->C:\Program Files\InstallShield Installation Information\{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}\IS_Setup.exe -l0x0409 /z"UNINSTALL" Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe" PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83} Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD} Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB} Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693} Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4} Roxio Easy Media Creator 10 LJ-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817} Roxio Easy Media Creator Home-->MsiExec.exe /I{FE51662F-D8F6-43B5-99D9-D4894AF00F83} Safari-->MsiExec.exe /I{46A5D1D1-8956-497C-92FB-59C44EFA6214} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Setting Utility Series-->"C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0007 -removeonly SimCity 3000-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu" Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Software Info for Me&My VAIO-->"C:\Program Files\InstallShield Installation Information\{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}\setup.exe" -runfromtemp -l0x0007 -removeonly SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x7 -removeonly SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x7 -removeonly SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x7 -removeonly Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0007 -removeonly Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TouchCopy 09-->MsiExec.exe /I{4188B7F0-5020-4FC8-9003-1270C081746E} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VAIO Content Folder Setting-->"C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Content Folder Watcher-->C:\Program Files\InstallShield Installation Information\{327B75F0-92AF-420A-988F-FA596A218E0B}\setup.exe -runfromtemp -l0x0007 UNINSTALL -removeonly VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{ECB5774A-A39B-4419-A7D3-92F49C0FCAB3}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{EADE97A7-E7AA-43FD-A042-92A68E0187A6}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{E3453B1B-C91B-4C48-B046-8DF635DD46F2}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO Control Center-->"C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Data Restore Tool-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO DVD Menu Data Basic-->C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO Energie Verwaltung-->"C:\Program Files\InstallShield Installation Information\{5F5867F0-2D23-4338-A206-01A76C823924}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Entertainment Platform-->"C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Event Service-->"C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Launcher-->"C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Marketing Tools-->C:\Program Files\Sony\Marketing Tools\Uninstaller.exe /bootstrap VAIO Media plus Opening Movie-->"C:\Program Files\InstallShield Installation Information\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Media plus-->"C:\Program Files\InstallShield Installation Information\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0007 -removeonly VAIO MusicBox Sample Music-->"C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO MusicBox-->"C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Smart Network-->"C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Update 4-->"C:\Program Files\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe" -runfromtemp -l0x0007 -removeonly VAIO Wallpaper Contents-->"C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x0007 -removeonly VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860} WIDCOMM Bluetooth Software 6.2.0.5800-->MsiExec.exe /X{E464702F-5433-46EC-8F65-159276C0A54F} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF} Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC} Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp WinRAR Archivierer-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Violetta-PC Event Code: 7036 Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet". Record Number: 86794 Source Name: Service Control Manager Time Written: 20091008143809.000000-000 Event Type: Informationen User: Computer Name: Violetta-PC Event Code: 7036 Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Ausgeführt". Record Number: 86793 Source Name: Service Control Manager Time Written: 20091008143709.000000-000 Event Type: Informationen User: Computer Name: Violetta-PC Event Code: 7036 Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet". Record Number: 86792 Source Name: Service Control Manager Time Written: 20091008143221.000000-000 Event Type: Informationen User: Computer Name: Violetta-PC Event Code: 7036 Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Ausgeführt". Record Number: 86791 Source Name: Service Control Manager Time Written: 20091008142421.000000-000 Event Type: Informationen User: Computer Name: Violetta-PC Event Code: 7036 Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet". Record Number: 86790 Source Name: Service Control Manager Time Written: 20091008142401.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: WIN-QH9R31N0WOA Event Code: 9009 Message: Der Desktopfenster-Manager wurde mit dem Code (0xc00002fe) abgebrochen. Record Number: 918 Source Name: Desktop Window Manager Time Written: 20081228041945.000000-000 Event Type: Informationen User: Computer Name: WIN-QH9R31N0WOA Event Code: 8225 Message: Der VSS-Dienst wird aufgrund eines Ereignisses vom Dienststeuerungs-Manager heruntergefahren. Record Number: 917 Source Name: VSS Time Written: 20081228041945.000000-000 Event Type: Informationen User: Computer Name: WIN-QH9R31N0WOA Event Code: 901 Message: Der Softwarelizenzierungsdienst wird beendet. Record Number: 916 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20081228041945.000000-000 Event Type: Informationen User: Computer Name: WIN-QH9R31N0WOA Event Code: 103 Message: Windows (2336) Windows: Das Datenbankmodul hat die Instanz (0) beendet. Record Number: 915 Source Name: ESENT Time Written: 20081228041941.000000-000 Event Type: Informationen User: Computer Name: WIN-QH9R31N0WOA Event Code: 1013 Message: Der Windows-Suchdienst wurde normal beendet. Record Number: 914 Source Name: Microsoft-Windows-Search Time Written: 20081228041940.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: WIN-QH9R31N0WOA Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-QH9R31N0WOA$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x27c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1682 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081228041942.607367-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-QH9R31N0WOA Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1681 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081228041942.342167-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-QH9R31N0WOA Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-QH9R31N0WOA$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x27c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 1680 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081228041942.342167-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-QH9R31N0WOA Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-QH9R31N0WOA$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x27c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1679 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081228041942.342167-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-QH9R31N0WOA Event Code: 1102 Message: Das Überwachungsprotokoll wurde gelöscht. Subjekt: Sicherheits- ID: S-1-5-21-189318510-1014528275-1355978565-500 Kontoname: Administrator Domänenname: WIN-QH9R31N0WOA Logon-ID: 0x37bd0 Record Number: 1678 Source Name: Microsoft-Windows-Eventlog Time Written: 20081228041932.560967-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "configsetroot"=%SystemRoot%\ConfigSetRoot "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\ "EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- |
|
13.03.2010, 16:19
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.FakeAV!gen24 Lade dir Lop S&D herunter. Windows2000/XP: Führe Lop S&D.exe per Doppelklick aus. Windows Vista und 7: Rechtsklick auf Lop S&D.exe => Ausführen als Admin!! Wähle die Sprache deiner Wahl und anschließend die Option 1. Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.03.2010, 17:15
| #6 |
| | Trojan.FakeAV!gen24 --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz ) BIOS : Default System BIOS USER : Violetta ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:287 Go (Free:92 Go) D:\ (USB) E:\ (USB) F:\ (CD or DVD) G:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 13.03.2010|17:08 ) [ UAC => 1 ] --------------------\\ Ordner Verzeichnis unter Local [10.07.2009|19:45] C:\Users\Violetta\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1} [07.03.2010|21:21] C:\Users\Violetta\AppData\Local\84756-11986-27475-00TC1-94865 [31.07.2009|12:42] C:\Users\Violetta\AppData\Local\Adobe [09.07.2009|21:07] C:\Users\Violetta\AppData\Local\Ahead [25.06.2009|19:39] C:\Users\Violetta\AppData\Local\Anwendungsdaten [13.07.2009|16:48] C:\Users\Violetta\AppData\Local\Apple [06.03.2010|21:36] C:\Users\Violetta\AppData\Local\Apple Computer [09.07.2009|19:48] C:\Users\Violetta\AppData\Local\ApplicationHistory [03.07.2009|12:58] C:\Users\Violetta\AppData\Local\ArcSoft [18.11.2008|17:10] C:\Users\Violetta\AppData\Local\Broadcom [28.01.2010|15:15] C:\Users\Violetta\AppData\Local\Buhl [28.01.2010|15:08] C:\Users\Violetta\AppData\Local\Buhl Data Service [18.11.2008|16:41] C:\Users\Violetta\AppData\Local\d3d9caps.dat [08.03.2010|23:43] C:\Users\Violetta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [28.06.2009|20:18] C:\Users\Violetta\AppData\Local\desktop.ini [09.07.2009|19:47] C:\Users\Violetta\AppData\Local\fusioncache.dat [26.06.2009|14:15] C:\Users\Violetta\AppData\Local\GDIPFONTCACHEV1.DAT [25.01.2010|16:45] C:\Users\Violetta\AppData\Local\Google [12.03.2010|19:46] C:\Users\Violetta\AppData\Local\IconCache.db [25.01.2010|08:58] C:\Users\Violetta\AppData\Local\Microsoft [15.11.2009|22:58] C:\Users\Violetta\AppData\Local\Microsoft Games [03.09.2009|13:42] C:\Users\Violetta\AppData\Local\Microsoft Help [25.06.2009|21:24] C:\Users\Violetta\AppData\Local\Mozilla [10.03.2010|18:30] C:\Users\Violetta\AppData\Local\PokerStars [06.01.2010|17:10] C:\Users\Violetta\AppData\Local\PokerStars.NET [25.06.2009|19:41] C:\Users\Violetta\AppData\Local\Sony_Corporation [13.03.2010|17:07] C:\Users\Violetta\AppData\Local\Temp [25.06.2009|19:39] C:\Users\Violetta\AppData\Local\Temporary Internet Files [25.06.2009|19:39] C:\Users\Violetta\AppData\Local\Verlauf [12.07.2009|15:54] C:\Users\Violetta\AppData\Local\VirtualStore [06.03.2010|21:52] C:\Users\Violetta\AppData\Local\Wide Angle Software [7|Datei(en),] C:\Users\Violetta\AppData\Local\Bytes [27|Verzeichnis(se),] C:\Users\Violetta\AppData\Local\Bytes frei --------------------\\ Geplante Aufgaben unter C:\Windows\Tasks [13.03.2010 16:10][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [13.03.2010 15:07][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [13.03.2010 15:07][--ah-----] C:\Windows\tasks\SA.DAT [12.03.2010 19:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Ordner Verzeichnis unter C:\ProgramData [11.09.2009|19:27] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [13.07.2009|16:51] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [25.10.2009|12:31] C:\ProgramData\Adobe [09.07.2009|18:55] C:\ProgramData\Ahead [25.06.2009|19:35] C:\ProgramData\Anwendungsdaten [13.07.2009|16:45] C:\ProgramData\Apple [13.07.2009|16:50] C:\ProgramData\Apple Computer [02.11.2006|14:02] C:\ProgramData\Application Data [28.06.2009|20:17] C:\ProgramData\ArcSoft [28.01.2010|15:15] C:\ProgramData\Buhl Data Service GmbH [19.09.2009|14:02] C:\ProgramData\DAEMON Tools Lite [02.11.2006|14:02] C:\ProgramData\Desktop [23.05.2008|16:48] C:\ProgramData\DeviceInstaller.xml [23.06.2008|12:02] C:\ProgramData\DeviceManager.xml.rc4 [02.11.2006|14:02] C:\ProgramData\Documents [25.06.2009|19:35] C:\ProgramData\Dokumente [25.06.2009|20:34] C:\ProgramData\ezsidmv.dat [25.06.2009|19:35] C:\ProgramData\Favoriten [02.11.2006|14:02] C:\ProgramData\Favorites [29.06.2009|16:44] C:\ProgramData\FLEXnet [28.12.2008|04:44] C:\ProgramData\Google [27.06.2009|18:35] C:\ProgramData\hps [25.06.2009|22:13] C:\ProgramData\ICQ [10.07.2009|19:46] C:\ProgramData\InstallShield [23.10.2009|18:59] C:\ProgramData\Intel [12.03.2010|14:14] C:\ProgramData\Malwarebytes [25.06.2009|20:04] C:\ProgramData\McAfee [25.11.2009|17:18] C:\ProgramData\Microsoft [28.12.2009|18:28] C:\ProgramData\Microsoft Help [19.07.2009|19:40] C:\ProgramData\Nero [25.06.2009|20:22] C:\ProgramData\Norton [28.12.2009|13:34] C:\ProgramData\NortonInstaller [03.07.2009|08:26] C:\ProgramData\NOS [23.10.2009|18:25] C:\ProgramData\NVIDIA [13.03.2010|15:09] C:\ProgramData\nvModes.001 [11.03.2010|22:06] C:\ProgramData\nvModes.dat [28.12.2008|05:15] C:\ProgramData\Roaming [01.03.2010|19:21] C:\ProgramData\Roxio [28.12.2008|04:49] C:\ProgramData\SiteAdvisor [07.03.2010|17:19] C:\ProgramData\Skype [28.12.2008|05:02] C:\ProgramData\Sonic [13.07.2009|16:02] C:\ProgramData\Sony Corporation [02.11.2006|14:02] C:\ProgramData\Start Menu [25.06.2009|19:35] C:\ProgramData\Startmenü [26.06.2009|16:42] C:\ProgramData\Symantec [02.11.2006|14:02] C:\ProgramData\Templates [09.07.2009|19:43] C:\ProgramData\T-Online [28.12.2008|05:02] C:\ProgramData\Uninstall [10.07.2009|19:46] C:\ProgramData\Vodafone [25.06.2009|19:35] C:\ProgramData\Vorlagen [06.03.2010|20:15] C:\ProgramData\WindowsSearch [06.03.2010|21:02] C:\ProgramData\WindSolutions [5|Datei(en),] C:\ProgramData\Bytes [50|Verzeichnis(se),] C:\ProgramData\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Program Files [25.10.2009|12:59] C:\Program Files\Adobe [12.07.2009|16:08] C:\Program Files\Ahead [17.07.2009|13:34] C:\Program Files\Anno 1701 [13.07.2009|16:48] C:\Program Files\Apple Software Update [25.09.2009|22:39] C:\Program Files\ArcSoft [28.12.2008|04:37] C:\Program Files\Big Fish Games Spiel-Suite [13.07.2009|16:49] C:\Program Files\Bonjour [12.03.2010|15:48] C:\Program Files\CCleaner [23.10.2009|18:59] C:\Program Files\Cisco [07.03.2010|17:19] C:\Program Files\Common Files [18.11.2008|17:01] C:\Program Files\CONEXANT [19.09.2009|14:02] C:\Program Files\DAEMON Tools Lite [19.09.2009|14:02] C:\Program Files\DAEMON Tools Toolbar [25.01.2010|16:43] C:\Program Files\DivX [27.06.2009|18:03] C:\Program Files\dm [18.11.2008|16:55] C:\Program Files\Dolby [11.03.2010|18:45] C:\Program Files\EA GAMES [25.10.2009|13:17] C:\Program Files\Foxit Software [25.06.2009|19:35] C:\Program Files\Gemeinsame Dateien [C:\Program Files\Common Files] [25.01.2010|16:45] C:\Program Files\Google [18.01.2010|16:51] C:\Program Files\ICQ6.5 [18.01.2010|22:35] C:\Program Files\ICQ6Toolbar [25.01.2010|17:18] C:\Program Files\InstallShield Installation Information [28.12.2008|05:15] C:\Program Files\Intel [25.01.2010|15:39] C:\Program Files\Internet Explorer [28.12.2008|05:14] C:\Program Files\InterVideo [11.09.2009|19:31] C:\Program Files\iPhone-Konfigurationsprogramm [06.03.2010|20:12] C:\Program Files\iPod [06.03.2010|20:14] C:\Program Files\iTunes [22.11.2009|13:37] C:\Program Files\Java [12.03.2010|14:14] C:\Program Files\Malwarebytes' Anti-Malware [17.07.2009|14:11] C:\Program Files\Maxis [25.11.2009|17:19] C:\Program Files\Microsoft [02.11.2006|13:37] C:\Program Files\Microsoft Games [28.12.2008|04:53] C:\Program Files\Microsoft Office [28.12.2008|04:55] C:\Program Files\Microsoft Office Suite Activation Assistant [25.01.2010|15:39] C:\Program Files\Microsoft Silverlight [25.11.2009|17:16] C:\Program Files\Microsoft SQL Server Compact Edition [25.11.2009|17:18] C:\Program Files\Microsoft Sync Framework [25.06.2009|22:48] C:\Program Files\Microsoft Works [28.12.2008|04:52] C:\Program Files\Microsoft.NET [23.10.2009|18:26] C:\Program Files\Movie Maker [22.02.2010|17:38] C:\Program Files\Mozilla Firefox [02.11.2006|13:37] C:\Program Files\MSBuild [25.06.2009|20:53] C:\Program Files\MSXML 4.0 [19.07.2009|19:51] C:\Program Files\Nero [25.06.2009|20:22] C:\Program Files\Norton AntiVirus [25.06.2009|20:19] C:\Program Files\NortonInstaller [03.07.2009|08:26] C:\Program Files\NOS [10.11.2009|15:34] C:\Program Files\Picasa2 [06.01.2010|19:51] C:\Program Files\PokerStars [06.01.2010|17:18] C:\Program Files\PokerStars.NET [23.02.2010|21:29] C:\Program Files\QuickTime [18.11.2008|16:54] C:\Program Files\Realtek [02.11.2006|13:37] C:\Program Files\Reference Assemblies [28.12.2008|05:02] C:\Program Files\Roxio [08.03.2010|21:29] C:\Program Files\Safari [22.07.2009|19:50] C:\Program Files\Sierra [07.03.2010|17:19] C:\Program Files\Skype [28.12.2008|05:16] C:\Program Files\sony [11.09.2009|09:50] C:\Program Files\Symantec [18.11.2008|17:02] C:\Program Files\Synaptics [13.03.2010|15:16] C:\Program Files\trend micro [02.11.2006|14:01] C:\Program Files\Uninstall Information [10.07.2009|19:46] C:\Program Files\Vodafone [18.11.2008|16:58] C:\Program Files\WIDCOMM [09.03.2010|14:26] C:\Program Files\Wide Angle Software [23.10.2009|18:26] C:\Program Files\Windows Calendar [23.10.2009|18:26] C:\Program Files\Windows Collaboration [23.10.2009|18:26] C:\Program Files\Windows Defender [23.10.2009|18:26] C:\Program Files\Windows Journal [25.11.2009|17:18] C:\Program Files\Windows Live [25.06.2009|21:44] C:\Program Files\Windows Live SkyDrive [18.01.2010|17:11] C:\Program Files\Windows Mail [30.10.2009|15:45] C:\Program Files\Windows Media Player [25.06.2009|19:35] C:\Program Files\Windows NT [23.10.2009|18:26] C:\Program Files\Windows Photo Gallery [22.11.2009|16:52] C:\Program Files\Windows Portable Devices [23.10.2009|18:26] C:\Program Files\Windows Sidebar [06.03.2010|20:45] C:\Program Files\WindSolutions [16.09.2009|11:42] C:\Program Files\WinRAR [28.01.2010|15:09] C:\Program Files\WISO [0|Datei(en),] C:\Program Files\Bytes [85|Verzeichnis(se),] C:\Program Files\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files [23.10.2009|17:59] C:\Program Files\Common Files\Adobe [12.07.2009|16:07] C:\Program Files\Common Files\Ahead [06.03.2010|20:12] C:\Program Files\Common Files\Apple [28.12.2008|05:11] C:\Program Files\Common Files\ArcSoft [28.12.2008|04:53] C:\Program Files\Common Files\DESIGNER [25.01.2010|16:43] C:\Program Files\Common Files\DivX Shared [10.07.2009|19:46] C:\Program Files\Common Files\InstallShield [23.10.2009|18:59] C:\Program Files\Common Files\Intel [28.12.2008|05:14] C:\Program Files\Common Files\InterVideo [18.11.2008|18:04] C:\Program Files\Common Files\Java [18.11.2008|18:03] C:\Program Files\Common Files\Macrovision Shared [25.10.2009|13:33] C:\Program Files\Common Files\Marmiko Shared [25.06.2009|22:42] C:\Program Files\Common Files\microsoft shared [19.07.2009|20:12] C:\Program Files\Common Files\Nero [28.12.2008|05:02] C:\Program Files\Common Files\PX Storage Engine [28.12.2008|05:02] C:\Program Files\Common Files\Roxio Shared [02.11.2006|12:18] C:\Program Files\Common Files\Services [07.03.2010|17:19] C:\Program Files\Common Files\Skype [28.12.2008|05:02] C:\Program Files\Common Files\Sonic Shared [28.12.2008|05:07] C:\Program Files\Common Files\Sony Shared [02.11.2006|12:18] C:\Program Files\Common Files\SpeechEngines [25.06.2009|21:59] C:\Program Files\Common Files\Symantec Shared [23.10.2009|18:26] C:\Program Files\Common Files\System [25.06.2009|21:40] C:\Program Files\Common Files\Windows Live [0|Datei(en),] C:\Program Files\Common Files\Bytes [26|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei --------------------\\ Process ( 92 Processes ) ... OK ! --------------------\\ Ueberpruefung mit S_Lop Kein Lop Ordner gefunden ! --------------------\\ Suche nach Lop Dateien - Ordnern Kein Lop Ordner gefunden ! --------------------\\ Suche innerhalb der Registry ..... OK ! --------------------\\ Ueberpruefung der Hosts Datei Hosts Datei SAUBER --------------------\\ Suche nach verborgenen Dateien mit Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-13 17:08:27 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Suche nach anderen Infektionen --------------------\\ Cracks & Keygens .. C:\Users\Violetta\Desktop\Daten Vio\Eigene Musik\_Sonstige Alben\Halloween_Sound_Effects-Halloween_Sound_Effects\90-halloween_sound_effects-ice_cracking.mp3 C:\Users\Violetta\Desktop\Daten Vio\Eigene Musik\_TOP100\TOP100_Single_Charts_23_02_2009\028-snow_patrol_-_crack_the_shutters-ministry.mp3 C:\Users\Violetta\Desktop\Daten Vio\Eigene Musik\_Vio\Charts 01.03.09\028-snow_patrol_-_crack_the_shutters-ministry.mp3 C:\Users\Violetta\Desktop\usb\Charts 01.03.09\028-snow_patrol_-_crack_the_shutters-ministry.mp3 C:\Users\Violetta\Desktop\usb\Neuer Ordner\028-snow_patrol_-_crack_the_shutters-ministry.mp3 C:\Users\Violetta\Music\iTunes\iTunes Music\Music\Snow Patrol\German Top100 Single Charts\Crack The Shutters.mp3 C:\Users\Violetta\Music\iTunes\iTunes Music\Music\Snow Patrol\German Top100 Single Charts\Crack The Shutters.mp3.files C:\Users\Violetta\Music\iTunes\iTunes Music\Music\Snow Patrol\German Top100 Single Charts\Crack The Shutters.mp3.smfmf.tmp C:\Users\Violetta\Music\iTunes\iTunes Music\Music\Snow Patrol\German Top100 Single Charts\Crack The Shutters.mp3.files\Crack The Shutters.mp3.smfmf [F:12][D:4]-> C:\Users\Violetta\AppData\Local\Temp [F:4][D:1]-> C:\Users\Violetta\AppData\Roaming\MICROS~1\Windows\Cookies [F:10][D:4]-> C:\Users\Violetta\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5 [F:3][D:3]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 13.03.2010|17:10 - Option : [1] --------------------\\ Scan beendet um 17:10:26 [ UAC => 1 ] |
|
13.03.2010, 18:28
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.FakeAV!gen24 Ok. Mach bitte ein Log mit CF, dann sollten wir eigentlich fast durch sein: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.FakeAV!gen24 |
| adobe, antivirus, bho, defender, desktop, firefox, google, gupdate, hijack, hijackthis, hängen, intrusion prevention, local\temp, monitor, mozilla, pdf-datei, photoshop, plug-in, programm, prozesse, registry, rundll, server, software, symantec, system, temp, trojan.fakeav, vista, vodafone, windows |
Linear-Darstellung
