Das sieht doch schon etwas freundlicher aus.

Sollte mich nicht wundern, wenn er jetzt etwas schneller ist als zuvor. Gleich nocheinmal.

Scripten mit Combofix

Lade eine neue ComboFixversion auf deinen Desktop.

• Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code: Alles auswählenAufklappen

ATTFilter

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3299BB84-4129-4332-95B7-5364539EC67A}"=-
"{B21E8119-BF96-4D56-BC0B-6E47958FCF67}"=-
         

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

• Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

• Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ComboFix 09-04-27.02 - trulli 27.04.2009 22:30.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2045.1246 [GMT 2:00]
ausgeführt von:: c:\users\trulli\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\trulli\Desktop\cfscript.txt
.

((((((((((((((((((((((( Dateien erstellt von 2009-05-27 bis 2009-4-27 ))))))))))))))))))))))))))))))
.

2009-04-27 13:06 . 2009-04-27 13:38 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-27 13:06 . 2009-04-27 13:06 -------- d-----w c:\programdata\Avira
2009-04-27 13:06 . 2009-04-27 13:06 -------- d-----w c:\program files\Avira
2009-04-27 12:59 . 2009-04-27 12:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-27 12:59 . 2009-04-27 12:59 -------- d-----w c:\program files\Java
2009-04-27 12:41 . 2009-04-27 12:52 -------- d-----w C:\SMCLpav
2009-04-27 12:39 . 2009-04-27 12:39 -------- d-----w c:\programdata\NortonInstaller
2009-04-17 18:54 . 2009-04-17 18:54 -------- d-----w c:\programdata\WindowsSearch
2009-04-15 16:35 . 2009-04-15 16:35 -------- d-----w c:\users\trulli\AppData\Roaming\Yahoo!
2009-04-15 16:35 . 2009-04-15 17:11 -------- d-----w c:\program files\Yahoo!
2009-04-15 09:08 . 2009-04-15 09:08 -------- d-----w c:\users\trulli\AppData\Roaming\Malwarebytes
2009-04-15 09:08 . 2009-04-15 09:08 -------- d-----w c:\programdata\Malwarebytes
2009-04-15 08:57 . 2009-04-15 08:57 -------- d-----w c:\program files\Trend Micro
2009-04-14 23:24 . 2009-04-14 23:24 -------- d-----w c:\program files\Enigma Software Group
2009-04-14 20:24 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-14 20:24 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 20:24 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 15:05 . 2009-04-14 15:05 -------- d-----w c:\programdata\Backup
2009-04-14 09:07 . 2009-04-14 09:07 51656 ----a-w c:\windows\system32\drivers\PktIcpt.sys
2009-04-14 08:59 . 2009-04-14 08:59 -------- d-----w c:\users\trulli\AppData\Local\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 20:18 . 2007-05-08 09:33 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-27 20:18 . 2006-12-01 08:44 -------- d-----w c:\program files\Roxio
2009-04-27 12:44 . 2007-10-03 20:32 -------- d-----w c:\program files\Google
2009-04-27 12:44 . 2006-11-30 14:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 12:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-27 12:40 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-27 12:40 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-27 12:29 . 2006-12-01 08:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:07 . 2008-05-31 13:32 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 16:19 . 2008-03-14 12:11 -------- d-----w c:\program files\myTouch
2009-04-15 08:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 08:41 . 2008-12-22 09:37 -------- d-----w c:\program files\Exact Audio Copy
2009-03-21 09:53 . 2009-03-21 09:36 -------- d-----w c:\program files\ICQ6.5
2009-03-21 09:37 . 2007-12-08 00:13 -------- d-----w c:\program files\ICQ6
2009-03-17 03:38 . 2009-04-14 20:23 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 20:23 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:23 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-04-14 13:44 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-14 13:44 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-14 13:44 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-14 13:44 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-14 13:44 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-14 13:44 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-14 13:44 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-14 13:44 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-14 13:44 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-14 13:44 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-14 13:44 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-14 13:44 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-14 13:44 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-14 13:44 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-14 13:44 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-14 13:44 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-14 13:44 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-14 13:44 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-14 20:23 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 20:23 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-14 20:23 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 20:23 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 20:23 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 20:23 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 20:23 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-14 20:23 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-14 20:23 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 20:23 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-13 08:49 . 2009-04-14 20:23 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 20:23 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:51 2033152 ----a-w c:\windows\system32\win32k.sys
2008-09-27 19:31 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-09-22 18:51 . 2007-09-22 18:51 2020539 ----a-w c:\program files\cdbxp_setup_4.0.013.220.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-04-27_20.02.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-30 13:48 . 2009-04-27 20:37 66498 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-04-21 14:41 . 2009-04-27 20:37 22868 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-893307856-2463230274-1463802655-1003_UserData.bin
+ 2007-04-21 14:38 . 2009-04-27 20:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-21 14:38 . 2009-04-27 15:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-21 14:38 . 2009-04-27 20:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-21 14:38 . 2009-04-27 15:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-21 14:38 . 2009-04-27 15:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-21 14:38 . 2009-04-27 20:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-27 19:59 . 2009-04-27 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-27 20:35 . 2009-04-27 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-27 19:59 . 2009-04-27 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-27 20:35 . 2009-04-27 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-04-27 20:37 180474 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-14 14:25 . 2009-04-27 20:26 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-14 14:25 . 2009-04-27 13:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-25 2134016]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-8 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36 73728 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{802C9CBD-2FBF-4765-86E9-F622DD1CDDF1}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{2B673FE7-10BD-4C1E-B680-6A4EA84B4694}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{B5A8C109-D3A3-40B6-A9DE-3FDD952458A4}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{42B49CC9-C2B2-4FE2-AA42-AC2790764599}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{0A28C359-D69B-4EE5-9282-5EA70E64AF79}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{37BA6C12-8279-4757-9895-054BD443A7A2}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{61FF8E3A-1E5B-4317-A552-07C516BEAC5C}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{8CB46ADC-5B6F-4DB0-B2BB-FB4A5A84D87F}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{5E87D7A3-F4ED-48C2-A291-7370E1DDA378}"= UDP:c:\windows\System32\lxbccoms.exe:Lexmark Communications System
"{122FF1D0-49C2-42E1-992C-52B42A798D76}"= TCP:c:\windows\System32\lxbccoms.exe:Lexmark Communications System
"{60A44290-2CEF-49E3-ADCD-DF4F4EAE1C7F}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{87F194ED-C6FC-426B-80F3-1FB9568B0733}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window

R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-11-15 28933976]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-10-27 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-10-27 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-06 227328]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-04-27 c:\windows\Tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job
- c:\windows\system32\msfeedssync.exe [2009-04-14 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: RSS-Support-Site zu VAIO Information FLOW hinzufügen - c:\program files\Sony\VAIO Information FLOW\aiesc.html
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {B85537E9-2D9C-400A-BC92-B04F4D9FF17D} - hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 22:36
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\conime.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-04-27 22:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-04-27 20:42
ComboFix2.txt 2009-04-27 20:07
ComboFix3.txt 2009-04-19 21:49
ComboFix4.txt 2009-04-15 17:00

Vor Suchlauf: 24 Verzeichnis(se), 65.656.344.576 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 65.634.041.856 Bytes frei

210 --- E O F --- 2009-04-22 05:35

Da ist noch etwas aktiv. Weiter mit CureIt. Anschliessend wieder die Liste von undoreal abarbeiten.

Start => Ausführen => combofix /u => OK

ciao, andreas

Zitat:

Da ist noch etwas aktiv. Weiter mit CureIt.

Natürlich ist da noch was aktiv. Könnte jetzt bitte erstmal die c:\windows\System32\wininet.dll ausgewertet werden?

so also hab die ganze nacht mit cure it zu tun gehabt. beim scan wurde zweimal stressreducers.exe als poker punch (oder so ähnlich) gefunden. habe dann auftrag zum löschen gegeben. der erste konnte gelöscht werden. bei dem nächsten stand was von wegen zielpfad konnte nicht gefunden werden.
als ich dann das protokoll speichern wollte ist genau in dem moment ein blauer bildschirm mit einem countdown zum herunterfahren erschienen

also habe ich das ganze noch einmal gemacht. diesmal wurden keine viren gefunden und konnte leider wieder kein protokoll speichern, da das feld hellgrau war.

jetzt virustotal für undoreal:

Datei wininet.dll empfangen 2009.04.28 10:32:24 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/40 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit ist zwischen 38 und 54 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.28 -
AhnLab-V3 5.0.0.2 2009.04.28 -
AntiVir 7.9.0.156 2009.04.28 -
Antiy-AVL 2.0.3.1 2009.04.28 -
Authentium 5.1.2.4 2009.04.27 -
Avast 4.8.1335.0 2009.04.27 -
AVG 8.5.0.287 2009.04.27 -
BitDefender 7.2 2009.04.28 -
CAT-QuickHeal 10.00 2009.04.28 -
ClamAV 0.94.1 2009.04.27 -
Comodo 1138 2009.04.27 -
DrWeb 4.44.0.09170 2009.04.28 -
eSafe 7.0.17.0 2009.04.27 -
eTrust-Vet 31.6.6478 2009.04.27 -
F-Prot 4.4.4.56 2009.04.27 -
F-Secure 8.0.14470.0 2009.04.28 -
Fortinet 3.117.0.0 2009.04.28 -
GData 19 2009.04.28 -
Ikarus T3.1.1.49.0 2009.04.28 -
K7AntiVirus 7.10.717 2009.04.27 -
Kaspersky 7.0.0.125 2009.04.28 -
McAfee 5598 2009.04.27 -
McAfee+Artemis 5598 2009.04.27 -
McAfee-GW-Edition 6.7.6 2009.04.28 -
Microsoft 1.4602 2009.04.28 -
NOD32 4038 2009.04.27 -
Norman 6.00.06 2009.04.27 -
nProtect 2009.1.8.0 2009.04.28 -
Panda 10.0.0.14 2009.04.27 -
PCTools 4.4.2.0 2009.04.27 -
Prevx1 3.0 2009.04.28 -
Rising 21.27.11.00 2009.04.28 -
Sophos 4.41.0 2009.04.28 -
Sunbelt 3.2.1858.2 2009.04.24 -
Symantec 1.4.4.12 2009.04.28 -
TheHacker 6.3.4.1.315 2009.04.28 -
TrendMicro 8.700.0.1004 2009.04.28 -
VBA32 3.12.10.3 2009.04.28 -
ViRobot 2009.4.28.1711 2009.04.28 -
VirusBuster 4.6.5.0 2009.04.27 -
weitere Informationen
File size: 914944 bytes
MD5...: 6ce32f7778061ccc5814d5e0f282d369
SHA1..: 9853eaaab2a0e543df0ec7a5f6c4019ae11a6d71
SHA256: 750701728ca521ac32163e571ba8d38d4954fb93cfc2964da0b9c4a975ebaa12
SHA512: fd2a279b9271f14e02fb3a132e60beea14860818dab368dbaab1f50ffc9770db
ec1d1052f23fe75e780034e55a9a0399716b77aa4ce541082612238ba915cab7
ssdeep: 24576:VsKc4niKTt9PfMHbx5ODCb3MtL9KHfviWf/xYpgfoQ6hzkMMIMMu6:+Kc6
dTti33+KHf9oQ4kMMIMMu6

PEiD..: -
TrID..: File type identification
InstallShield setup (46.1%)
Win32 Executable MS Visual C++ (generic) (40.4%)
Win32 Executable Generic (9.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x172c
timedatestamp.....: 0x49b3ad54 (Sun Mar 08 11:34:44 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaf348 0xaf400 6.59 301bf510b8bc9feb69acfa431fb3c90a
.data 0xb1000 0x6838 0x3400 1.77 f9af0e4d19e1f613d7b9e9c476607590
.rsrc 0xb8000 0x261d0 0x26200 4.72 95e911a299b8c2182709b28e6bd8b7ec
.reloc 0xdf000 0x6790 0x6800 6.78 a825a5ba61f84f4e19b7a10be6b0921f

( 9 imports )
> msvcrt.dll: memset, _vsnwprintf, _lock, wcsncmp, bsearch, ___V@YAXPAX@Z, ___U@YAPAXI@Z, _onexit, _wtoi, _wcsicmp, isupper, strncmp, wcsstr, _purecall, _mbstok, iscntrl, ispunct, _strtoui64, __dllonexit, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr, memcpy, mbtowc, __mb_cur_max, isleadbyte, _iob, _snprintf, _itoa, wctomb, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, iswlower, iswascii, iswxdigit, wcstol, islower, __isascii, strtol, memmove, iswspace, wcsrchr, strrchr, atoi, realloc, free, malloc, wcstok, time, _wcsnicmp, _vsnprintf
> ntdll.dll: RtlUnwind, RtlConvertSidToUnicodeString, RtlMoveMemory
> SHLWAPI.dll: SHRegGetValueW, -, SHRegGetValueA, PathAddBackslashW, PathFindFileNameW, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrIA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, StrStrA, PathCombineW, StrChrNW, StrTrimW
> ADVAPI32.dll: RegDeleteValueW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, TraceEvent, DuplicateTokenEx, CreateWellKnownSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, RegDeleteKeyA, UnregisterTraceGuids, RegisterTraceGuidsA, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptAcquireContextW, CryptGetProvParam, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus
> KERNEL32.dll: OpenFileMappingA, CreateFileMappingA, MapViewOfFileEx, FlushViewOfFile, SetEndOfFile, UnmapViewOfFile, OutputDebugStringA, DosDateTimeToFileTime, lstrcmpiW, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileExW, MoveFileW, MoveFileA, SetFilePointerEx, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, ResumeThread, LoadLibraryW, ResetEvent, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetSystemDirectoryA, FormatMessageA, SetErrorMode, IsDBCSLeadByteEx, SystemTimeToFileTime, GetTickCount, SizeofResource, TlsGetValue, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, GetLongPathNameW, lstrlenW, GetLongPathNameA, DeleteFileA, FormatMessageW, GetModuleHandleA, GetSystemTime, GetModuleHandleW, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, InitializeCriticalSectionAndSpinCount, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetComputerNameA, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadResource, FindResourceExW, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, CompareFileTime, WritePrivateProfileStringW, GetFileAttributesW, CreateMutexW, DuplicateHandle, OpenMutexW, OpenEventW, LockResource, FreeLibraryAndExitThread, TlsFree, GetProcAddress, LoadLibraryA, FreeLibrary, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW, WaitForSingleObject, WideCharToMultiByte, MultiByteToWideChar, CreateEventA, CreateMutexA, CompareStringA, ReleaseMutex, GetCurrentThreadId, LocalFree, LocalAlloc, DeleteCriticalSection, SetEvent, InterlockedIncrement, lstrcmpiA, lstrlenA, InterlockedDecrement, GetModuleFileNameW
> USER32.dll: FindWindowW, PostMessageW, RegisterWindowMessageW, ReleaseDC, GetDC, SendDlgItemMessageW, LoadImageW, GetSystemMetrics, IntersectRect, EqualRect, GetWindowRect, GetWindow, SetForegroundWindow, DestroyIcon, SetDlgItemTextW, SetWindowPos, IsWindow, PostMessageA, CharNextExA, EnumWindows, GetAncestor, IsWindowVisible, EnumChildWindows, GetWindowThreadProcessId, IsCharAlphaNumericA, CharLowerW, CharUpperA, CharToOemA, GetWindowInfo, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA, DestroyWindow, KillTimer, EnableWindow, SetWindowTextW, GetDlgItem, SetFocus, EndDialog, CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA
> Normaliz.dll: IdnToAscii, IdnToUnicode
> urlmon.dll: -, -, -, -, -, -
> iertutil.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 231 exports )
CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DeleteWpadCacheForNetworks, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, ReadUrlCacheEntryStreamEx, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl

PDFiD.: -
RDS...: NSRL Reference Data Set
-

Die dll selber scheint sauber zu sein.

Ich würde dir übrigens empfehlen den Rechner neuaufzusetzen um die Integrität deines Systems nicht auf's Spiel zu setzen.
Auch wenn wir hier tausend Analyse-Progs laufen lassen kann ohne Prüfsumme niemand sagen dein Rechner wäre sauber.
Wir können hinterher nur vermuten er sei es. Von wissen kann da keine Rede sein.

Deine Entscheidung.

Wenn's weitergehen soll würde ich vorschlagen, dass wir mit dem eigentlichen Plan fortfahren und du ein Smitdfraudfix log postest.

was heißt denn neu aufsetzen? was müsste ich denn da machen und wäre er dann 100% pro sauber?

meine eigentliches problem mit dem hacked by... im inetexplorer ist ja immerhin schon mal weg.
was speziell vermutet ihr denn noch auf meinem pc und was kann das anrichten?

Da ist etwas aktiv, dass einen bestimmten Wert in der Registry, der auf einen Schädling hindeutet, immer wieder setzt.

1.) Systemdetails mit RSIT prüfen

• Lade Random's System Information Tool (RSIT) von random/random herunter,
• speichere es auf Deinem Desktop.
• Starte mit Doppelklick die RSIT.exe.
• Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
• Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
• Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
• Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

2.) ZHPDiag von Nicolas Coolman

1. Klicke auf Téléchargement de ZHPDiag
2. Klicke auf der Seite auf FTP Zebulon.fr N°1.
3. Entpacke die geladene Datei auf den Desktop und starte ZHPDiag.exe mit Doppelklick.
4. Klicke auf All
5. Klicke auf General Analysis
6. Klicke auf Paste Clipboard
7. Wechsel zum Forum, klicke auf Antworten, klicke in den großen weißen Kasten
8. Drücke [Strg]v, [Strg]a
9. Klicke auf #

ciao, andreas

Warum nicht Smitfraudfix laufen lassen John?

Habe ich nichts gegen, das ist zusätzlich.

ciao, andreas

ok ill erstmal smitfr... machen, aber eiß grad ni as ich falsch mache. ich tippe die zahl 1 und drücke enter und schlißen sich aber alle fenster von dem programm? ist das normal?

Für Smitfraudfix ist undoreal zuständig. Poste bitte die Logs von RSIT und ZHPDiag.

ciao, andreas

Logfile of random's system information tool 1.06 (written by random/random)
Run by trulli at 2009-04-29 22:19:10
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 62 GB (59%) free of 105 GB
Total RAM: 2045 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:43, on 29.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\trulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WOCXU4NG\RSIT[1].exe
C:\Program Files\trend micro\trulli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {B85537E9-2D9C-400A-BC92-B04F4D9FF17D} (Silverwire Image Uploader Control) - http://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70596BE2-9BCD-49CA-921F-006CE99E55C8}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8861 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-27 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2006-09-11 118784]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2006-11-14 411768]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2006-11-11 43128]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-07 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-07 81920]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2006-11-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-04-29 22:19:10 ----D---- C:\rsit
2009-04-28 10:43:39 ----D---- C:\ComboFix
2009-04-27 23:01:42 ----A---- C:\Windows\ntbtlog.txt
2009-04-27 22:42:05 ----A---- C:\ComboFix.txt
2009-04-27 22:33:51 ----D---- C:\Windows\temp
2009-04-27 22:18:42 ----SHD---- C:\Config.Msi
2009-04-27 15:06:58 ----D---- C:\ProgramData\Avira
2009-04-27 15:06:58 ----D---- C:\Program Files\Avira
2009-04-27 14:59:31 ----A---- C:\Windows\system32\javaws.exe
2009-04-27 14:59:31 ----A---- C:\Windows\system32\javaw.exe
2009-04-27 14:59:31 ----A---- C:\Windows\system32\java.exe
2009-04-27 14:59:31 ----A---- C:\Windows\system32\deploytk.dll
2009-04-27 14:59:22 ----D---- C:\Program Files\Java
2009-04-27 14:41:29 ----D---- C:\SMCLpav
2009-04-27 14:39:19 ----D---- C:\ProgramData\NortonInstaller
2009-04-17 20:54:00 ----D---- C:\ProgramData\WindowsSearch
2009-04-15 18:49:41 ----D---- C:\Windows\ERDNT
2009-04-15 18:35:19 ----D---- C:\Users\trulli\AppData\Roaming\Yahoo!
2009-04-15 18:35:16 ----D---- C:\Program Files\Yahoo!
2009-04-15 11:08:30 ----D---- C:\Users\trulli\AppData\Roaming\Malwarebytes
2009-04-15 11:08:13 ----D---- C:\ProgramData\Malwarebytes
2009-04-15 10:57:18 ----D---- C:\Program Files\Trend Micro
2009-04-15 01:24:02 ----D---- C:\Program Files\Enigma Software Group
2009-04-14 22:24:14 ----A---- C:\Windows\system32\winhttp.dll
2009-04-14 22:24:08 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-14 22:24:08 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-14 22:23:49 ----A---- C:\Windows\system32\rpcss.dll
2009-04-14 22:23:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-14 22:23:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-14 22:23:44 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-14 22:23:43 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-14 22:23:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-14 22:23:43 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-14 22:23:42 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-14 22:23:41 ----A---- C:\Windows\system32\iashost.exe
2009-04-14 22:23:41 ----A---- C:\Windows\system32\iasads.dll
2009-04-14 22:23:31 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-14 22:23:30 ----A---- C:\Windows\system32\kernel32.dll
2009-04-14 22:23:29 ----A---- C:\Windows\system32\secur32.dll
2009-04-14 22:23:27 ----A---- C:\Windows\system32\apilogen.dll
2009-04-14 22:23:27 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 17:05:51 ----D---- C:\ProgramData\Backup
2009-04-14 15:44:55 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-14 15:44:54 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-14 15:44:54 ----A---- C:\Windows\system32\ieui.dll
2009-04-14 15:44:54 ----A---- C:\Windows\system32\icardie.dll
2009-04-14 15:44:54 ----A---- C:\Windows\system32\admparse.dll
2009-04-14 15:44:53 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 15:44:52 ----A---- C:\Windows\system32\msls31.dll
2009-04-14 15:44:51 ----A---- C:\Windows\system32\corpol.dll
2009-04-14 15:44:50 ----A---- C:\Windows\system32\imgutil.dll
2009-04-14 15:44:50 ----A---- C:\Windows\system32\iernonce.dll
2009-04-14 15:44:50 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-14 15:44:49 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-14 15:44:49 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-14 15:44:48 ----A---- C:\Windows\system32\iepeers.dll
2009-04-14 15:44:47 ----A---- C:\Windows\system32\occache.dll
2009-04-14 15:44:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-14 15:44:47 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-14 15:44:47 ----A---- C:\Windows\system32\inseng.dll
2009-04-14 15:44:46 ----A---- C:\Windows\system32\msrating.dll
2009-04-14 15:44:46 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-14 15:44:45 ----A---- C:\Windows\system32\webcheck.dll
2009-04-14 15:44:45 ----A---- C:\Windows\system32\iesetup.dll
2009-04-14 15:44:45 ----A---- C:\Windows\system32\ieakui.dll
2009-04-14 15:44:44 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-14 15:44:44 ----A---- C:\Windows\system32\wextract.exe
2009-04-14 15:44:44 ----A---- C:\Windows\system32\mstime.dll
2009-04-14 15:44:44 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-14 15:44:43 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-14 15:44:43 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-14 15:44:43 ----A---- C:\Windows\system32\advpack.dll
2009-04-14 15:44:40 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-14 15:44:39 ----A---- C:\Windows\system32\vbscript.dll
2009-04-14 15:44:39 ----A---- C:\Windows\system32\jscript.dll
2009-04-14 15:44:38 ----A---- C:\Windows\system32\url.dll
2009-04-14 15:44:38 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-14 15:44:36 ----A---- C:\Windows\system32\mshta.exe
2009-04-14 15:44:35 ----A---- C:\Windows\system32\iexpress.exe
2009-04-14 15:44:35 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-14 15:44:34 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-14 15:44:34 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-14 15:44:34 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-14 15:44:34 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-14 15:44:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-14 15:44:33 ----A---- C:\Windows\system32\iertutil.dll
2009-04-14 15:44:33 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-14 15:44:31 ----A---- C:\Windows\system32\wininet.dll
2009-04-14 15:44:30 ----A---- C:\Windows\system32\urlmon.dll
2009-04-14 15:44:25 ----A---- C:\Windows\system32\ieframe.dll
2009-04-14 15:44:23 ----A---- C:\Windows\system32\mshtml.dll
2009-03-21 11:36:11 ----D---- C:\Program Files\ICQ6.5
2009-03-11 11:52:03 ----A---- C:\Windows\system32\schannel.dll
2009-03-11 11:51:55 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 11:51:54 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 11:51:54 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 11:51:53 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-17 17:33:27 ----A---- C:\Windows\system32\EncDec.dll
2009-02-17 17:33:25 ----A---- C:\Windows\system32\psisdecd.dll

======List of files/folders modified in the last 3 months======

2009-04-29 22:16:38 ----D---- C:\Windows\system32\catroot
2009-04-29 22:16:29 ----D---- C:\Windows\winsxs
2009-04-29 22:10:29 ----D---- C:\Windows\tracing
2009-04-28 10:50:55 ----SHD---- C:\System Volume Information
2009-04-28 10:44:04 ----D---- C:\Windows
2009-04-28 10:43:59 ----D---- C:\Windows\system32\de-DE
2009-04-28 10:43:59 ----D---- C:\Windows\System32
2009-04-28 10:43:38 ----D---- C:\Windows\system32\drivers
2009-04-28 04:57:10 ----D---- C:\Windows\Minidump
2009-04-27 22:37:17 ----A---- C:\Windows\system.ini
2009-04-27 22:33:04 ----D---- C:\Windows\AppPatch
2009-04-27 22:33:03 ----D---- C:\Program Files\Common Files
2009-04-27 22:18:54 ----SHD---- C:\Windows\Installer
2009-04-27 22:18:49 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-04-27 22:18:46 ----D---- C:\Windows\inf
2009-04-27 22:18:46 ----D---- C:\Program Files\Roxio
2009-04-27 21:58:40 ----SHD---- C:\Boot
2009-04-27 21:58:40 ----D---- C:\Windows\system32\config
2009-04-27 21:55:23 ----HD---- C:\ProgramData
2009-04-27 21:55:22 ----RD---- C:\Program Files
2009-04-27 17:06:58 ----D---- C:\Windows\system32\catroot2
2009-04-27 14:50:39 ----D---- C:\Windows\Prefetch
2009-04-27 14:44:16 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2009-04-27 14:44:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-27 14:44:15 ----D---- C:\Program Files\Google
2009-04-27 14:35:11 ----D---- C:\Windows\Tasks
2009-04-27 14:30:21 ----D---- C:\Windows\system32\Macromed
2009-04-27 14:29:55 ----D---- C:\Program Files\Common Files\Adobe
2009-04-27 14:29:55 ----D---- C:\Program Files\Adobe
2009-04-27 14:29:54 ----D---- C:\ProgramData\Adobe
2009-04-19 12:59:33 ----D---- C:\Windows\system32\Tasks
2009-04-15 19:07:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-15 18:56:06 ----D---- C:\Documentation
2009-04-15 18:42:51 ----D---- C:\Windows\Debug
2009-04-15 18:19:46 ----D---- C:\Program Files\myTouch
2009-04-15 10:02:29 ----D---- C:\Program Files\Windows Mail
2009-04-15 10:02:28 ----D---- C:\Windows\system32\wbem
2009-04-15 10:02:26 ----D---- C:\Windows\system32\manifeststore
2009-04-14 17:21:42 ----A---- C:\Windows\win.ini
2009-04-14 17:18:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-14 16:54:33 ----SD---- C:\Users\trulli\AppData\Roaming\Microsoft
2009-04-14 16:37:25 ----D---- C:\Windows\rescache
2009-04-14 16:11:19 ----D---- C:\Program Files\Internet Explorer
2009-04-14 16:11:11 ----D---- C:\Windows\system32\migration
2009-04-14 16:11:11 ----D---- C:\Windows\PolicyDefinitions
2009-04-14 16:11:10 ----D---- C:\Windows\system32\en-US
2009-04-14 15:28:13 ----SD---- C:\ProgramData\Microsoft
2009-04-14 13:03:42 ----D---- C:\ProgramData\Google
2009-04-14 11:21:45 ----SD---- C:\Windows\Downloaded Program Files
2009-04-14 11:21:45 ----RD---- C:\Windows\Offline Web Pages
2009-04-14 11:21:42 ----D---- C:\Windows\system32\spool
2009-04-14 11:21:42 ----D---- C:\Windows\system32\Msdtc
2009-04-14 11:21:35 ----D---- C:\Windows\registration
2009-04-14 10:41:38 ----D---- C:\Program Files\Exact Audio Copy
2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe
2009-03-21 11:37:49 ----D---- C:\Program Files\ICQ6
2009-03-12 20:53:06 ----D---- C:\Program Files\Windows Media Player
2009-03-08 14:24:50 ----D---- C:\Update
2009-02-18 15:06:14 ----D---- C:\Windows\Microsoft.NET
2009-02-18 15:05:59 ----RSD---- C:\Windows\assembly
2009-02-18 14:55:22 ----D---- C:\Windows\ehome

rest von logfile


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2006-10-18 10216]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 RMCAST;RMCAST (Pgm)-Protokolltreiber; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-07 4456416]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-10-27 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-10-27 43904]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-10-13 27520]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-06 650240]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2006-11-06 227328]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-21 113792]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
R3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 SI3132;SiI-3132 SATALink Controller; C:\Windows\system32\DRIVERS\SI3132.sys [2006-11-01 74672]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-10-31 108136]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 lxbc_device;lxbc_device; C:\Windows\system32\lxbccoms.exe [2007-03-16 537520]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-11-15 28933976]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-11-24 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2006-09-26 172032]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2006-09-26 135168]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-08-23 274432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe [2006-10-04 57344]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [2006-10-04 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [2006-10-04 69632]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [2006-11-13 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-01-12 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-01-16 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-01-08 491520]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2006-11-15 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-11-15 240416]

-----------------EOF-----------------

info

info.txt logfile of random's system information tool 1.06 2009-04-29 22:19:46

======Uninstall list======

-->Dummy
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55B781F0-060E-11D4-99D7-00C04FCCB775}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C183A21C-395A-490F-99D4-CCAB35E32859}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97260AE9-A1EE-492E-8DCC-FD0AFF785720}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}\setup.exe" -l0x7 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Ashampoo ClipFinder 1.26-->"C:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x7 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Click to DVD 2.0.05 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x7 -removeonly
Click to DVD 2.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x7 -removeonly
Die Sims 2-->C:\Program Files\EA GAMES\Die Sims 2\EAUninstall.exe
DVAG Online-System-->MsiExec.exe /I{029AAFFE-55B2-421A-A91E-2323B12E19F6}
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe" -l0x7 -removeonly
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -ISnSZIRXz.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InstallRTC-->MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LAN Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5958CAC6-373E-402F-84FE-0A699AA920B9}\setup.exe" -l0x7 -removeonly
Lexmark Z500-Z600 Series-->C:\Program Files\Lexmark Z500-Z600 Series\Install\x86\Uninst.exe
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Secure Module 4.6.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3D79DB6E-73DA-46C9-B8FA-DAE52108246F} UNINSTALL
Radiotracker-->MsiExec.exe /I{1167A21C-ECCE-4563-BEE9-6FBE462A381D}
SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1-->C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x7 UNINSTALL -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
SonicStage 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x7 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x7 -removeonly
SonicStage Mastering Studio Plug-Ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x7 -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x7 -removeonly
Sony Snymsico for Vista-->MsiExec.exe /I{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x7 -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
VAIO Aqua Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly
VAIO Camera Capture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x7 -removeonly
VAIO Camera Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\setup.exe" -l0x7 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC37C108-821D-4EDE-8F40-D5B497586805}\setup.exe" -l0x7 -removeonly
VAIO Cozy Orange Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -l0x7 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x7 -removeonly
VAIO Hardware Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A947C2B3-7445-42C4-9063-EE704CACCB22}\Setup.exe" -l0x7
VAIO Information FLOW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}\setup.exe" -l0x7 -removeonly
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x7 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Integrated Server 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Photo 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}\setup.exe" -l0x11 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Tender Green Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly
VAIO Update 4-->"C:\Program Files\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe" -runfromtemp -l0x0007 -removeonly
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows-Treiberpaket - Ricoh R5U870 (UVC) (11/07/2006 6.1003.206.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\Windows\system32\DRVSTORE\r5u870fl_242326966DE0944BED7253EB1DD26F482183757C\r5u870fl.inf
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x7 -removeonly

======Security center information======

AS: Windows-Defender

======System event log======

Computer Name: vaio
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB955430(Update) in den Status Wird aufgelöst(Resolving).
Record Number: 300308
Source Name: Microsoft-Windows-Servicing
Time Written: 20090429201626.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: vaio
Event Code: 4383
Message: Windows-Wartung hat das Update 955430-1_neutral_GDR aus Paket KB955430 (Update) in den Status Wird aufgelöst(Resolving) gesetzt.
Record Number: 300309
Source Name: Microsoft-Windows-Servicing
Time Written: 20090429201633.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: vaio
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB955430(Update) in den Status Aufgelöst(Resolved).
Record Number: 300310
Source Name: Microsoft-Windows-Servicing
Time Written: 20090429201640.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: vaio
Event Code: 7040
Message: Der Starttyp des Diensts "Windows Modules Installer" wurde von Automatisch starten in Manuell starten geändert.
Record Number: 300311
Source Name: Service Control Manager
Time Written: 20090429201640.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: vaio
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am ?Donnerstag, ?30. ?April ?2009 um 03:00 auf diesem Computer installiert werden:
- Update für Windows Vista (KB955430)
Record Number: 300312
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090429201901.590026-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: vaio
Event Code: 20221
Message: CoID={2F11430A-CE8C-40C4-8FBF-0511EF26A806}: Der Benutzer "vaio\trulli" hat eine Broadband-Verbindung mit einem all-user-Verbindungsprofil mit dem Namen "Breitbandverbindung" angewählt. Die Verbindungseinstellungen lauten:
Dial-in User = 03513296697
VpnStrategy =Not Applicable
DataEncryption = Requested
PrerequisiteEntry =
CompartmentsEnabled = No
AutoLogon = No
UseRasCredentials = No
CustomAuthKey =
AuthRestriction Mask = 0x00000228
RasIpv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
RasIpv6DefaultGateway = Yes
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = No
UseFlags = Internet Connection
IpSecFlags = No Pre-shared key
ConnectOnWinlogon = No.
Record Number: 175268
Source Name: RasClient
Time Written: 20090429201458.000000-000
Event Type: Informationen
User:

Computer Name: vaio
Event Code: 20222
Message: CoID={2F11430A-CE8C-40C4-8FBF-0511EF26A806}: Der Benutzer "vaio\trulli" versucht, eine Verbindung zum RAS-Server für die Verbindung mit dem Namen "Breitbandverbindung" mit dem folgenden Gerät herzustellen:
Server address/Phone Number =
Device = WAN-Miniport (PPPOE)
Port = PPPoE2-0
MediaType = PPPoE.
Record Number: 175269
Source Name: RasClient
Time Written: 20090429201458.000000-000
Event Type: Informationen
User:

Computer Name: vaio
Event Code: 20223
Message: CoID={2F11430A-CE8C-40C4-8FBF-0511EF26A806}: Der Benutzer "vaio\trulli" hat eine Verbindung mit dem RAS-Server hergestellt, verwendet wurde das Gerät: "
Server address/Phone Number =
Device = WAN-Miniport (PPPOE)
Port = PPPoE2-0
MediaType = PPPoE".
Record Number: 175270
Source Name: RasClient
Time Written: 20090429201458.000000-000
Event Type: Informationen
User:

Computer Name: vaio
Event Code: 20224
Message: CoID={2F11430A-CE8C-40C4-8FBF-0511EF26A806}: Die Verbindung mit dem RAS-Server wurde von Benutzer "vaio\trulli" hergestellt.
Record Number: 175271
Source Name: RasClient
Time Written: 20090429201458.000000-000
Event Type: Informationen
User:

Computer Name: vaio
Event Code: 20225
Message: CoID={2F11430A-CE8C-40C4-8FBF-0511EF26A806}: Der Benutzer "vaio\trulli" hat erfolgreich eine Verbindung mit dem Namen "Breitbandverbindung" mit dem RAS-Server hergestellt. Die Verbindungsparameter lauten:
TunnelIpAddress = 78.53.86.2
TunnelIpv6Address = fe80::
Dial-in User = 03513296697.
Record Number: 175272
Source Name: RasClient
Time Written: 20090429201515.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: vaio
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 112021
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429201940.902026-000
Event Type: Überwachung gescheitert
User:

Computer Name: vaio
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 112022
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429201941.026826-000
Event Type: Überwachung gescheitert
User:

Computer Name: vaio
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 112023
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429201941.136026-000
Event Type: Überwachung gescheitert
User:

Computer Name: vaio
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 112024
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429201941.214026-000
Event Type: Überwachung gescheitert
User:

Computer Name: vaio
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 112025
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090429201941.276426-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\TOOLS\BINN;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\9.0\DLLSHARED;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------