Trojaner-Board


theanswer 09.06.2009 17:32

TR/Spy.Agent - LogFile
 
Hello :)

I caught a trojan (TR/Spy.Agent) a few days ago, so here is the log file from ComboFix. I hope I have done everything right up to this point. Unfortunately I don't know much about PCs. If anything important is missing, please let me know :) .

Thanks in advance :)

P.S.

I have marked in bold the parts of the log file that I considered important.

Code:

ComboFix 09-06-08.05 - *** 09.06.2009 17:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.2046.1290 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Seekapp
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\Seekapp
c:\windows\system32\3261934.dll


.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


(((((((((((((((((((((((  Dateien erstellt von 2009-05-09 bis 2009-06-09  ))))))))))))))))))))))))))))))
.

2009-06-09 16:00 . 2009-06-09 16:00        --------        d-sh--w-        \$RECYCLE.BIN
2009-06-09 15:57 . 2009-06-09 15:57        --------        d-----w-        C:\temp
2009-06-09 15:57 . 2009-06-09 15:57        --------        d-----w-        \temp
2009-06-09 15:51 . 2009-06-09 16:00        --------        d-s---w-        \ComboFix
2009-06-09 15:51 . 2009-06-09 15:51        --------        d-----w-        \Qoobox
2009-06-06 19:06 . 2009-06-06 19:07        22328        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2009-06-06 19:06 . 2009-06-06 19:06        103736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2009-06-06 19:03 . 2009-06-06 19:03        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2009-06-06 18:49 . 2009-06-06 18:49        --------        d-----w-        c:\users\Artur\AppData\Local\PunkBuster
2009-06-06 09:14 . 2009-06-06 09:14        --------        d-----w-        c:\program files\EA GAMES
2009-06-06 09:14 . 2005-02-26 05:34        442368        ----a-r-        c:\windows\system32\vp6vfw.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 15:59 . 2009-03-05 15:15        2145837056        --sha-w-        \hiberfil.sys
2009-06-09 15:59 . 2009-03-05 15:15        2459639808        --sha-w-        \pagefile.sys
2009-06-09 15:58 . 2008-04-22 17:08        12        ----a-w-        c:\windows\bthservsdp.dat
2009-06-09 15:22 . 2009-03-05 16:57        73259        ----a-w-        c:\users\***\AppData\Roaming\nvModes.dat
2009-06-08 18:57 . 2009-03-29 16:39        --------        d-----w-        c:\users\***\AppData\Roaming\teamspeak2
2009-06-08 12:23 . 2008-01-21 07:15        618442        ----a-w-        c:\windows\system32\perfh007.dat
2009-06-08 12:23 . 2008-01-21 07:15        122842        ----a-w-        c:\windows\system32\perfc007.dat
2009-06-06 12:27 . 2009-03-26 14:40        --------        d-----w-        c:\program files\WarRock
2009-05-28 07:22 . 2009-03-05 17:04        75096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2009-05-15 19:53 . 2008-04-23 10:46        --------        d-----w-        c:\programdata\FLEXnet
2009-05-13 17:30 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2009-05-06 16:30 . 2009-03-05 16:57        98392        ----a-w-        c:\users\Artur\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-06 15:59 . 2009-05-06 15:59        --------        d-----w-        c:\program files\VirtualDJ
2009-05-02 14:18 . 2009-05-02 14:18        --------        d-----w-        c:\program files\gamigo
2009-05-01 18:50 . 2009-03-05 17:14        --------        d-----w-        c:\users\Artur\AppData\Roaming\ICQ
2009-04-30 09:29 . 2009-03-20 20:23        --------        d-----w-        c:\program files\Ubisoft
2009-04-30 09:29 . 2008-04-22 17:56        --------        d--h--w-        c:\program files\InstallShield Installation Information
2009-04-25 19:16 . 2009-04-25 19:16        305664        ----a-w-        c:\users\Artur\AppData\Roaming\Thinstall\Program Data\4000005400002i\Acrobat.exe
2009-04-25 19:15 . 2009-04-25 19:15        305664        ----a-w-        c:\users\Artur\AppData\Roaming\Thinstall\Program Data\1000000600002i\verclsid.exe
2009-04-25 18:35 . 2009-04-25 18:35        --------        d-----w-        c:\users\Artur\AppData\Roaming\Thinstall
2009-04-13 19:45 . 2008-04-23 10:47        --------        d-----w-        c:\programdata\Sony Corporation
2009-04-11 22:25 . 2009-04-11 22:24        --------        d-----w-        c:\users\***\AppData\Roaming\Download Manager
2009-04-11 20:02 . 2008-04-23 10:43        --------        d-----w-        c:\program files\Common Files\Adobe
2009-04-06 17:04 . 2009-04-06 17:04        410984        ----a-w-        c:\windows\system32\deploytk.dll
2009-03-20 19:30 . 2009-03-20 19:30        717296        ----a-w-        c:\windows\system32\drivers\sptd.sys
2009-03-17 03:38 . 2009-04-15 09:58        13824        ----a-w-        c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 09:58        24064        ----a-w-        c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]
"D*EMON Tools Lite"="c:\program files\D*EMON Tools Lite\d*emon.exe" [2008-12-29 687560]
"*dobeUpdater"="c:\program files\Common Files\*dobe\Updater5\*dobeUpdater.exe" [2009-03-07 2356088]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-29 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-29 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-29 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-05 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-03-05 36864]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-23 4718592]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-01-23 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-4-23 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 18:05        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5642049-255E-415A-8624-166FB8A68BD6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CDD9833F-A111-43A8-998C-7D2BE0F75658}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{494AA352-364D-4A87-BEEA-8D54AFC1B608}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0B4D7B12-BBF6-4D5A-B95E-6D37AE3D0DE3}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{EF4976F6-4D0D-4CB6-95B3-2BF433A2B76E}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{E6E13F53-BFB4-48CC-974B-ED9801D15A07}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{BEA79E6A-758C-4638-8147-ADCD539E371B}"= UDP:c:\windows\Temp\~os4079.tmp\ossproxy.exe:ossproxy.exe
"{507C1998-2A9D-4860-9323-AC1E67EF1D29}"= UDP:c:\windows\Temp\~os312E.tmp\ossproxy.exe:ossproxy.exe
"{48EEFBE6-0131-412D-A7E4-495A8A43508E}"= UDP:c:\program files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{3058E844-FEBF-43A7-BF56-47294389036C}"= TCP:c:\program files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{F9888C89-056F-45F8-B3DC-C6E7AA20C12C}"= UDP:c:\program files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{EA40FA04-D327-4182-8EA7-3037693891FC}"= TCP:c:\program files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{4B669988-717B-4AE4-9362-733A8D6B62A6}"= UDP:c:\program files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{02E08583-9A7C-452B-9181-BCD1282BE011}"= TCP:c:\program files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{7FA8B87E-D7BB-4CA0-86C0-E620EEAC21B1}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{EF71E480-85DC-49DF-989A-7FE3C9F31734}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{AE168D39-0F13-414D-AE51-270DB8F2F0E3}"= UDP:c:\windows\Temp\~os75EB.tmp\ossproxy.exe:ossproxy.exe
"{6F1FAF96-31F0-41BD-8037-3E12B2384ED3}"= UDP:c:\program files\gamigo\levelr\LevelR\LevelR.bin:LEVEL-
"{B180E47E-EB96-476F-ACD4-41C5E56BB7FE}"= TCP:c:\program files\gamigo\levelr\LevelR\LevelR.bin:LEVEL-
"{F64D2B79-EC29-42C0-B9C6-388F38BF3E67}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BCA158B9-7E94-477A-B250-AA3F0AE39BDF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1DCA26BA-A5E0-4B4F-8055-F0DCF2613056}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{2D88D33E-8BAC-449F-AD7A-F97AF907E3C7}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{794BE29C-E505-48DF-9075-5C4AA926B089}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{00ADF17F-299E-4D4C-8599-E6C77FF8F28F}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{F52F0CF1-8CBB-4077-9AE3-D1D470BF4EC7}c:\\users\\***\\desktop\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\***\desktop\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{337F0950-452A-4D7D-AC23-ED28DAFFDADC}c:\\users\\***\\desktop\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\***\desktop\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{8E99FE2E-C2EC-4B2A-B17D-81DFC8FF58B6}c:\\users\\***\\desktop\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\***\desktop\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{47AC7082-6628-4F81-91E9-B68D912B725B}c:\\users\\***\\desktop\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\***\desktop\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{D035D191-0EA2-4F17-8BBF-232F5FB979C9}c:\\program files\\relevantknowledge\\rlvknlg.exe"= UDP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"UDP Query User{A1073FF2-7392-417A-9CBF-E2E78667CED7}c:\\program files\\relevantknowledge\\rlvknlg.exe"= TCP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 21:09 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [22.04.2008 19:56 98304]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [05.03.2009 17:32 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [05.03.2009 17:32 17408]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\System32\drivers\R5U870FLx86.sys [14.02.2008 03:20 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\System32\drivers\R5U870FUx86.sys [14.02.2008 03:20 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [17.12.2007 03:57 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [17.08.2007 10:20 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [22.04.2008 20:19 28464]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [05.03.2009 17:42 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [05.03.2009 17:42 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [05.03.2009 17:42 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [05.03.2009 17:39 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [05.03.2009 17:40 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-procexp90.Sys


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.go*gle.de/webhp?rlz=1W1SNYW&ie=UTF-8&oe=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\M*zilla\Firefox\Profiles\k42egduw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.g*ogle.de/ig?hl=de&source=iglk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 18:00
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4356)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-09 18:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-06-09 16:05

Vor Suchlauf: 18 Verzeichnis(se), 137.194.199.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 138.939.934.720 Bytes frei

244        --- E O F ---        2009-06-05 10:28


theanswer 16.06.2009 12:50

Can nobody analyze this? :confused:

