Hallo,

ich hatte vor einigen Tagen das Problem, dass sich bei meine IE laufend Fenster geoeffnet hatten, ohne dass ich es wollte. Habe Norton mal drueber laufen lassen und einige Viren und Trojaner entfernt.

Nun ging es einige Tage lang gut, bis sich nun nicht mehr alle Internetseiten oeffnen lassen. So funktioneren z.B. hotmail oder die google suche nicht, am wireless liegt es aber nicht weil es ueber andere PCs funktioniert.

Ich habe mal HijackThis drueberlaufen lassen, hier ist der Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:21 p.m., on 2/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Lilly\AppData\Local\Temp\jkkIATjI.dll,c
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [BMe1ce44a5] Rundll32.exe "C:\Users\Lilly\AppData\Local\Temp\skbucfwt.dll",s
O4 - HKCU\..\Run: [e2fd7739] rundll32.exe "C:\Users\Lilly\AppData\Local\Temp\vcdcbgqe.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ×??ˉ LiveUpdate μ÷?è3ìDò (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Da ich keine Ahnung von PCs habe waere es nett, wenn mal jemand drueberschauen koennte oder eine Loesung fuer mein Problem hat.

Danke, milky-way

[QUOTE=markusg;336073]Hallo,
ich bin Markus und wir werden in der nächsten Zeit Zusammenarbeiten.
Bitte mache keinerlei alleingänge bei der Reinigung und warte auf meine Anweisungen!
Das Auswerten der Logfiles kann immer eine Weile dauern also hab Geduld!

Schritt 1:
Teile mir dein genaues Problem mit. Wenn dein Antivirenprogramm Funde gemacht hat, schreibe mir was und wo gefunden wird poste eventuellforhandene logs.

Schritt 2:

kannst du alles auf deinem Rechner sehen? Überprüfe deine Einstellungen.

Im Windows-Explorer:
>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen
>den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

Schritt 3:

1. Lade das filelist.zip auf deinen Desktop herunter.
2. entpacke
   die Zip-Datei auf deinen Desktop (kostenlose Zip-Tools)
   
3. starte deinen Rechner neu auf
4. öffne die nun auf deinem Destop vorhandene filelist.bat mit einem Doppelklick auf die Datei
5. dein Editor
   (Textverarbeitungsprogramm) wird sich öffnen
6. markiere von diesem Inhalt aus jedem Verzeichnis jeweils die letzten 30 Tage, wähle kopieren, füge diese
   Dateien deinem nächsten Beitrag an

• Ein dickes Dankeschön an unseren Moderator Karl83 für die filelist.bat
  (Anleitung)

Dies sind die
Verzeichnisse von denen wir jeweils die letzten 30 Tage sehen wollen:
Verzeichnis von C:\
Verzeichnis von C:\%WinDir%\%System%
Verzeichnis von C:\%WinDir%
Verzeichnis von C:\%WinDir%\Prefetch (Windows XP)
Verzeichnis von C:\%WinDir%\tasks
Verzeichnis von C:\%WinDir%\Temp
Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp

Hinweis:
%WinDir%, %System% sind Variable (?). Normalerweise ist dies C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), oder C:\Windows\System32
(Windows XP).

Schritt 4:
Laden und Instalieren von Hijackthis:
Besuche die Seite:
http://www.zdnet.de/downloads/prg/n/m/deGNNM-wc.htmlInstaller." Speichere diese Version auf Deinem PC.
Liste mit 1 Einträgen
• Doppelklicke auf "HJTInstall.exe" und folge den Anweisungen zum Installieren von HijackThis.
Listen Ende
Tu noch nichts weiter mit dem Programm wir benötigen es noch!

Schritt 5:

Bitte lade Deckard's System Scanner (DSS) herunter und speichere es auf
dem Desktop.
NB: Du musst mit Administrator-Rechten angemeldet sein.

1. Schließe ALLE Anwendungen und Fenster.
2. Doppel-klicke
   auf dss.exe um es auszuführen und folge den Prompts.
3. Wenn der Scan vollendet ist, werden sich zwei Textdateien öffnen -
   
   main.txt <- dieses wird maximiert dargestellt und
   extra.txt <- dieses wird als minmierte Datei dargestellt
   
4. Kopiere (STRG+A und STRG+C) und füge STRG+V) den Inhalt von main.txt und den Inhalt von extra.txt in deine nächste Antwort ein.

Hallo Markus,

Danke fuer deine Hilfe. Tut mir leid,dass das jetzt wahrscheinlich alles ein wenig kompliziert wird, weil ich einfach nicht viel Ahnung von so was habe.

Schritt 1: Zurzeit ist mein Problem, dass ich bestimmte Internetseiten nicht oeffnen kann (zB google suchen, hotmail, gmx). Am Internet kann es nicht liegen, da ich auf anderen PCs genau die gleichen Seiten oeffnen kann, es geht also nur auf meinem Laptop nicht.

Vor einer Woche hatte ich das Problem, dass laufen IE Fenster sich ungefordert oeffneten, es waren teilweise bis an die 80. Mein Norton fand:
mhm, Norton laesst sich jetzt merkwuerdigerweise nicht mehr oeffnen. Aber soweit ich mich erinnern kann war es:

Trojan.Vundo
das zweite war irgendwas in richtug "grey..."?

Schritt 2: habe ich erledigt, alles wird angezeigt

Schritt 3: ging irgendwie nicht, habe es nach dem Neustart geoeffnet und folgendes wurde angezeigt: not supported windows version

Schritt 4: Link ging nicht


es tut mir echt leid, dass ich mich so doof anstelle. danke fuer deine hilfe
milky-way

Schritt 5:
main.txt:

-- Last 5 Restore Point(s) --
7: 2008-04-30 10:39:05 UTC - RP206 - Removed LiveUpdate (Symantec Corporation)
6: 2008-04-28 04:53:46 UTC - RP205 - 计划的检查点
5: 2008-04-26 17:03:03 UTC - RP204 - 计划的检查点
4: 2008-04-25 18:30:28 UTC - RP203 - 计划的检查点
3: 2008-04-24 16:00:05 UTC - RP202 - 计划的检查点


-- First Restore Point --
1: 2008-04-22 09:54:14 UTC - RP200 - 计划的检查点


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Lilly.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:43 p.m., on 3/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\system32\conime.exe
C:\Users\Lilly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lilly.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Lilly\AppData\Local\Temp\jkkIATjI.dll,c
O4 - HKCU\..\Run: [e2fd7739] rundll32.exe "C:\Users\Lilly\AppData\Local\Temp\scdjrypc.dll",b
O4 - HKCU\..\Run: [BMe1ce44a5] Rundll32.exe "C:\Users\Lilly\AppData\Local\Temp\spapxkmk.dll",s
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ×??ˉ LiveUpdate μ÷?è3ìDò (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11040 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080502-195237-268 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
backup-20080502-195237-293 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
backup-20080502-195237-468 O13 - Gopher Prefix:

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 IGALIVE - \??\c:\program files\igalive\igalive.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 20:00:13 508 --a------ C:\Windows\Tasks\Norton Internet Security - 运行全面系统扫描 - Lilly.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-11-12 12:00:00 94208 --a------ C:\Windows\system32\MSSTKPRP.DLL <Not Verified; Microsoft Corporation; msprop32>
2008-11-12 12:00:00 7168 --a------ C:\Windows\system32\MSPRPCHS.DLL <Not Verified; Microsoft Corporation; msprop32>
2008-05-02 19:18:53 0 d-------- C:\Program Files\Trend Micro
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\wxptdi.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\fat32.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\usb32k.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\puid.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\pop.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\phy.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\pcihdd.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\pcidisk.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\pcibus.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\msaclue.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\drivers\ati32srv.sys
2008-04-30 08:58:17 0 dr------- C:\Windows\system32\dnsq.dll
2008-04-28 10:18:28 0 d-------- C:\Program Files\V41
2008-04-28 10:17:48 327168 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield? unInstaller>
2008-04-18 17:55:36 0 d-------- C:\Program Files\iPod
2008-04-18 17:55:07 0 d-------- C:\Program Files\iTunes
2008-04-18 15:40:15 0 d-------- C:\Program Files\Apple Software Update
2008-04-14 20:35:36 0 d-------- C:\Program Files\pdf24
2008-04-14 19:35:47 106496 -----n--- C:\Windows\system32\fppr232.dll <Not Verified; FinePrint Software, LLC; FinePrint pdfFactory>
2008-04-14 19:35:47 274432 -----n--- C:\Windows\system32\fppmon2.dll <Not Verified; FinePrint Software, LLC; FinePrint pdfFactory>
2008-04-14 19:35:47 40960 -----n--- C:\Windows\system32\fppent2a.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-03 23:21:00 0 d-------- C:\Users\Lilly\AppData\Roaming\Skype
2008-05-03 23:19:18 41799 --a------ C:\Users\Lilly\AppData\Roaming\nvModes.001
2008-05-03 21:59:49 192206 --a------ C:\Windows\system32\prfh0804.dat
2008-05-03 21:59:49 75078 --a------ C:\Windows\system32\prfc0804.dat
2008-04-30 14:39:15 41799 --a------ C:\Users\Lilly\AppData\Roaming\nvModes.dat
2008-04-18 17:52:56 0 d-------- C:\Program Files\QuickTime
2008-04-13 10:17:56 0 d-------- C:\Program Files\Windows Mail
2008-04-08 01:28:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-07 20:00:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 19:55:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-10 20:29:49 0 d-------- C:\Users\Lilly\AppData\Roaming\HP
2008-03-07 22:22:23 0 d-------- C:\Program Files\EvilLyrics
2008-02-05 12:59:27 40960 --a------ C:\Windows\NCLAUNCH.EXe <Not Verified; Northern Codeworks; Northern Codeworks NCLaunch>
2008-02-05 12:59:26 45056 --a------ C:\Windows\NCUNINST.EXe <Not Verified; Northern Codeworks; Uninstall>
2008-02-04 19:30:44 0 -rahs---- C:\MSDOS.SYS
2008-02-04 19:30:44 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
12/10/2007 08:08 a.m. 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/02/2008 11:31 a.m. 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/12/2007 11:51 a.m.]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [16/11/2007 08:20 a.m.]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [16/11/2007 08:19 a.m.]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [16/11/2007 08:19 a.m.]
"RtHDVCpl"="RtHDVCpl.exe" [25/08/2007 08:06 a.m. C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/06/2007 08:12 a.m.]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [19/09/2007 11:09 a.m.]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14/02/2008 11:01 a.m.]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [26/10/2006 02:53 p.m.]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [02/04/2007 10:35 a.m.]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 p.m.]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 a.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 p.m.]
"PDFPrint"="C:\Program Files\pdf24\PDFBackend.exe" [31/01/2008 08:17 a.m.]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 p.m.]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 a.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [12/12/2007 03:57 p.m.]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 a.m.]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [24/10/2007 05:18 a.m.]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [29/01/2007 04:03 p.m.]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:34 p.m.]
"cmds"="C:\Users\Lilly\AppData\Local\Temp\jkkIATjI.dll,c" []
"e2fd7739"="C:\Users\Lilly\AppData\Local\Temp\scdjrypc.dll,b" []
"BMe1ce44a5"="C:\Users\Lilly\AppData\Local\Temp\spapxkmk.dll,s" []
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [13/05/2007 10:57 p.m.]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 14/08/2007 08:05 p.m. 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\Lilly\AppData\Local\Temp\jkkIATjI.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc70b131-d234-11dc-a1fe-001a80b494e1}]
AutoRun\command- G:\setupSNK.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com

39 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-03 23:26:08 ------------

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft? Windows Vista? Home Basic (build 6000)
Architecture: X86; Language: Chinese

CPU 0: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1533.81 MiB / 790.46 MiB
Pagefile Memory (total/avail): 3303.7 MiB / 2215.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.36 MiB

C: is Fixed (NTFS) - 142.3 GiB total, 41.92 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)
H: is Removable (FAT)

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

\\.\PHYSICALDRIVE2 - SD1 Device

\\.\PHYSICALDRIVE0 - FUJITSU MHY2160BH - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.75 GiB
\PARTITION1 (bootable) - Installable File System - 142.3 GiB - C:

\\.\PHYSICALDRIVE3 - Imation Nano USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 981.98 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Avira AntiVir PersonalEdition v 6.38.0.225
(Avira GmbH) Outdated
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Avira AntiVir PersonalEdition v 6.38.0.225
(Avira GmbH) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Outdated
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\xdict.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\update.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\update.exe:*:Enabled:Kingsoft PowerWord Online Update"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Lilly\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LILLY-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Lilly
LOCALAPPDATA=C:\Users\Lilly\AppData\Local
LOGONSERVER=\\LILLY-PC
ndldevlock=C7DB3BE5B760D852
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SNYERROR=C:\Windows\Temp\Snyerr.log
SNYRES=C:\Windows\System32\Snyres.oem
SNYSPLST=C:\Windows\System32\Snysplst.oem
SNY_LOGONUSER=Administrator
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Lilly\AppData\Local\Temp
TMP=C:\Users\Lilly\AppData\Local\Temp
USERDOMAIN=Lilly-PC
USERNAME=Lilly
USERPROFILE=C:\Users\Lilly
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Lilly


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{046885A1-B4AE-4459-A0D1-8C93706698D6}\setup.exe" -runfromtemp -l0x0804 -removeonly
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS3 Extended 优化版 --> "C:\Program Files\Adobe\Adobe Photoshop CS3\unins000.exe"
Adobe Reader 8.1.2 - Chinese Simplified --> MsiExec.exe /I{AC76BA86-7AD7-2052-7B44-A81200000003}
Alps Pointing-device for VAIO --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\setup.exe /REMOVE
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Celestia 1.4.1 --> "C:\Program Files\Celestia\unins000.exe"
Click to Disc --> C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0804 -removeonly
Click to Disc Editor --> C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x0804
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eBay.de - Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FunkyPlot V1.0.2 --> "C:\Program Files\FunkyPlot-1.0.2\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life --> C:\Windows\IsUn0407.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0015-0804-0000-0000000FF1CE}
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0016-0804-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0028-0804-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001A-0804-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0018-0804-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110804-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001F-0804-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-002C-0804-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0019-0804-0000-0000000FF1CE}
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-006E-0804-0000-0000000FF1CE}
Microsoft Office Word MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001B-0804-0000-0000000FF1CE}
Microsoft VC80 Support DLLs --> MsiExec.exe /I{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
N Schach 2.3 --> "C:\Program Files\N Schach\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_ger_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Limited Patch 4.7-07-15-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
pdf24 --> "C:\Program Files\pdf24\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x804 -removeonly
Roxio Activation Module --> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
R鋞sel-Generator --> C:\Windows\unin0407.exe -f"C:\Program Files\pics\RaetselGenerator\DeIsL1.isu" -c"C:\Program Files\pics\RaetselGenerator\_ISREG32.DLL"
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Setting Utility Series --> "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0804 -removeonly
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SonicStage Mastering Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x804 -removeonly
SonicStage Mastering Studio Audio Filter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x804 -removeonly
SonicStage Mastering Studio Audio Filter 自定义预设置 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x804 -removeonly
SonicStage Mastering Studio Plugins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x804 -removeonly
Sony Video Shared Library --> C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0804 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
V41 --> C:\Windows\IsUninst.exe -f"C:\Program Files\V41\Uninst.isu"
VAIO Content Folder Setting --> "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager --> C:\Program Files\InstallShield Installation Information\{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO Content Metadata Manager Setting --> C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO Content Metadata XML Interface Library --> C:\Program Files\InstallShield Installation Information\{B5E2DF30-1061-4DB4-AF28-08996C8E5680}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO Control Center --> "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO DVD Menu Data Basic --> C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO Entertainment Platform --> C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO Event Service --> "C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Launcher --> "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Media 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x804 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x804 UNINSTALL
VAIO Media Content Collection 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x804 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x804 UNINSTALL -removeonly
VAIO Media Redistribution 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x804 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x804 UNINSTALL -removeonly
VAIO Movie Story Template Data --> C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO MusicBox --> "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Original Function Setting --> "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Power Management --> "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Smart Network --> "C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Update 3 --> "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO Wallpaper Contents --> "C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x0804 -removeonly
VAIO 数据恢复工具 --> C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0804 -removeonly
VAIO 用户手册 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}\setup.exe" -l0x804 -removeonly
VAIO用户在线登录 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{961B89D8-D2AA-4A5F-935D-B43159AF6DA6}\setup.exe" -l0x804 -removeonly
Windows Live installer --> MsiExec.exe /I{EC46FBC0-D751-4F42-97AD-9880802BE14A}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Movie Maker 2.6 --> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
Windows 驱动程序包 - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf
Windows 驱动程序包 - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows 驱动程序包 - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Windows 驱动程序包 - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
WinDVD for VAIO --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0804
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type11540 / Error
Event Submitted/Written: 05/03/2008 11:19:06 PM
Event ID/Source: 7 / VzCdbSvc
Event Description:
加载插件模块失败。（GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}）（错误代码 = 0x80042019）

Event Record #/Type11539 / Success
Event Submitted/Written: 05/03/2008 11:19:06 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type11534 / Success
Event Submitted/Written: 05/03/2008 11:19:03 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type11529 / Success
Event Submitted/Written: 05/03/2008 11:18:26 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
软件授权服务已经启动。

Event Record #/Type11486 / Error
Event Submitted/Written: 05/03/2008 10:42:26 PM
Event ID/Source: 7 / VzCdbSvc
Event Description:
加载插件模块失败。（GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}）（错误代码 = 0x80042019）



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25739 / Error
Event Submitted/Written: 05/03/2008 11:19:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type25651 / Warning
Event Submitted/Written: 05/03/2008 10:46:53 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
后台打印程序无法重新打开已有打印机连接，这是因为它无法从注册表项 S-1-5-18\Printers\Connections 读取配置信息。后台打印机程序无法打开注册表项。当注册表项损坏或丢失时，或最近注册表不可用时，会发生这种情况。

Event Record #/Type25650 / Warning
Event Submitted/Written: 05/03/2008 10:46:53 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
后台打印程序无法重新打开已有打印机连接，这是因为它无法从注册表项 S-1-5-18\Printers\Connections 读取配置信息。后台打印机程序无法打开注册表项。当注册表项损坏或丢失时，或最近注册表不可用时，会发生这种情况。

Event Record #/Type25596 / Error
Event Submitted/Written: 05/03/2008 10:42:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type25536 / Warning
Event Submitted/Written: 05/03/2008 10:39:53 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-05-03 23:26:08 ------------

sorry übersehen das du vista hast. dein system ist ncoh ziemlich verseucht. mache weiter mit combofix:
http://virus-protect.org/artikel/tools/combofix.html
bitte genauestens an anleitung halten und das log posten. ich sehe mir dann alles an. Bitte verzichte auf onlinegeschäfte aller art und surfe nur auf den seiten, die ich dir sage. an sonsten am besten netzwerkkabel ziehen oder wlan aus.

ComboFix 08-05-01.3 - Lilly 2008-05-04 0:38:52.1 - NTFSx86

執行位置: C:\Users\Lilly\Desktop\ComboFix.exe
* 已建立新的還原點
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\msaclue.sys
C:\Windows\system32\drivers\pop.sys
C:\Windows\system32\fat32.sys

.
(((((((((((((((((((((((((((( 2008-04-03 - 2008-05-03 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

在指定的時間內無新增的檔案

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 04:00 94,208 ----a-w C:\Windows\System32\MSSTKPRP.DLL
2008-11-12 04:00 7,168 ----a-w C:\Windows\System32\MSPRPCHS.DLL
2008-11-12 04:00 36,864 ----a-w C:\Windows\System32\MFC42CHS.DLL
2008-05-03 16:38 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS
2008-05-03 16:30 --------- d-----w C:\ProgramData\Symantec
2008-05-03 16:19 --------- d-----w C:\Users\Lilly\AppData\Roaming\Skype
2008-05-02 11:18 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 06:39 41,799 ----a-w C:\Users\Lilly\AppData\Roaming\nvModes.dat
2008-04-28 02:18 --------- d-----w C:\Program Files\V41
2008-04-18 09:55 --------- d-----w C:\Program Files\iTunes
2008-04-18 09:55 --------- d-----w C:\Program Files\iPod
2008-04-18 09:52 --------- d-----w C:\Program Files\QuickTime
2008-04-18 07:40 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 12:38 --------- d-----w C:\Program Files\pdf24
2008-04-13 02:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 02:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-07 17:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 12:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-01 11:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-12 19:03 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 19:03 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-10 12:29 --------- d-----w C:\Users\Lilly\AppData\Roaming\HP
2008-03-07 14:22 --------- d-----w C:\Program Files\EvilLyrics
2008-03-06 13:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 13:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 13:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 19:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-16 19:14 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-02-16 19:14 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-02-16 19:14 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-02-16 19:14 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-02-16 19:14 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-02-16 19:14 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-02-16 19:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-02-16 19:14 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-16 19:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-16 19:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-16 19:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-16 19:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-16 19:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-16 19:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-16 19:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 19:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 19:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 19:06 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-16 19:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 19:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 19:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-16 19:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-16 19:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-02-05 05:47 88,576 ----a-w C:\Windows\System32\infocardapi.dll
2008-02-05 05:47 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-02-05 05:47 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-02-05 05:47 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-02-05 05:47 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-02-05 05:47 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-02-05 05:47 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-02-05 05:41 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-02-05 05:41 41,984 ----a-w C:\Windows\System32\netfxperf.dll
2008-02-05 05:40 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-02-05 05:40 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-02-05 05:40 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-02-05 04:59 45,056 ----a-w C:\Windows\NCUNINST.EXe
2008-02-05 04:59 40,960 ----a-w C:\Windows\NCLAUNCH.EXe
2008-02-05 02:17 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-05 02:17 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-05 02:17 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-05 02:17 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-05 02:17 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-05 02:17 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-05 02:17 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-05 02:17 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-05 02:17 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-18 05:02 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-10-12 08:08 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-05 11:31 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-10-12 08:08 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-12-12 15:57 253952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 05:18 443968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 16:03 25488424]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:34 201728]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 22:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-18 11:51 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-16 08:20 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-16 08:19 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-16 08:19 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 08:06 4669440 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 08:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 11:09 311296]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53 32560]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PDFPrint"="C:\Program Files\pdf24\PDFBackend.exe" [2008-01-31 08:17 134144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-08-14 20:05 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Lilly\AppData\Local\Temp\jkkIATjI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0AE1B1F-9CE7-461A-9973-00BDE6FDEBB1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5F843F2D-4047-41E1-BCA6-B538815A9EE9}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1542235B-401D-4FBF-AFF8-6411EF6E26B1}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{4DE7926F-5513-4E80-86E3-07536CDAE5F5}C:\\program files\\musicbrainz picard\\picard.exe"= UDP:C:\program files\musicbrainz picard\picard.exe:The next generation MusicBrainz tagger
"UDP Query User{DCDD25DE-DEAA-45D8-B266-7C7CAD18D720}C:\\program files\\musicbrainz picard\\picard.exe"= TCP:C:\program files\musicbrainz picard\picard.exe:The next generation MusicBrainz tagger
"TCP Query User{681018FE-1395-4DC3-9C3C-2862E6E247CB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D355DF61-21F5-49CA-84C8-07CFF284B262}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{91B69E91-D552-47D2-A696-3B7401FAB4F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD0530B3-85B0-49F0-B782-C46EA566D085}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3809505B-75B5-4899-BD6B-518361C6F2B9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2407172D-0A93-401C-8EC3-DCBAFB3A2CCB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B159FE6C-8B01-4D73-8EBE-ACF502429B4F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{30B4C981-6F69-4AAE-87BB-EAD3BF03B3DD}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:ebay.de - Skype
"{1D0FBD52-02C8-49E4-9B8D-77EA98FD07ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DF026753-763C-453B-A69C-E9B0F6E6EEBC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\xdict.exe"= C:\Program Files\Kingsoft\Powerword 2007 for VAIO\xdict.exe:*:Enabled:Kingsoft PowerWord
"C:\\Program Files\\Kingsoft\\Powerword 2007 for VAIO\\update.exe"= C:\Program Files\Kingsoft\Powerword 2007 for VAIO\update.exe:*:Enabled:Kingsoft PowerWord Online Update

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080429.001\IDSvix86.sys [2008-02-14 00:18]
R2 IGALIVE;IGALIVE;C:\Program Files\IGALIVE\IGALIVE.sys [2007-07-10 11:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-12-12 12:07]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-25 08:03]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 08:28]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 09:58]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-12 08:13]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 08:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-10-25 08:03]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 15:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-09-28 21:11]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-09-20 18:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc70b131-d234-11dc-a1fe-001a80b494e1}]
\shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - COMHOST
.
排程工作資料夾的內容
"2008-04-28 12:00:13 C:\Windows\Tasks\Norton Internet Security - 运行全面系统扫描 - Lilly.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 00:45:31
Windows 6.0.6000 NTFS

掃描隱藏的程序 ...

掃描隱藏的進程 ...

掃描隱藏的檔案 ...


folder error: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
folder error: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\conime.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
完成時間: 2008-05-04 0:50:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 16:49:34

系统无法在消息文件中为 Application 找到消息号为 0x2379 的消息文本。
系统无法在消息文件中为 Application 找到消息号为 0x2379 的消息文本。

254 --- E O F --- 2008-04-13 02:12:30

* Lade Malwarebytes' Anti-Malware auf deinen Desktop herunter.
Malwarebytes.org - 10k -
* Mache einen Doppel-Klick auf die mbam-setup.exe und folge den Hinweisen, um das Programm zu installieren.
* Vergewissere dich nun, dass folgende Optionen angehakt sind:

o Malwarebytes' Anti-Malware updaten
o Malwarebytes' Anti-Malware starten

* Klicke nun auf Fertigstellen.
* Wenn ein Update gefunden wird, wird es heruntergeladen und die neueste Version installieren.
* Wenn das Programm fertig geladen ist, wähle kompletScan durchführen, klicke auf Scan.
* Wenn der Scan beendet ist, klicke auf OK, dann auf Ergebnisse anzeigen.
* Vergewissere dich, dass neben allen Malware-Einträgen ein Häkchen sitzt.
* Klicke dann auf 'Ausgewähltes entfernen' und auf OK.

log zeigen.
edit:
bitte wieder alle programme abschalten auch antivir

der scan bricht ab mit der nachricht:

run-time error '6': overflow

es steht ausserdem noch da:

leere Verzeichnis Variable in der Datenbank entdeckt. Bitte geben Sie diese Fehlermeldung an uns weiter.

der zweite virus der von norton gefunden wurde war backdoor.graybird

danke nochmal fuer deine hilfe

bitte versuche das programm erneut zu laden und dann zu scannen oder einen scan im abgesicherten modus.

habe es nochmal neu geladen und zweimal versucht zu scannen, auch einmal im abgesicherten modus. jedes mal die gleiche fehlermeldung wie schon zuvor