Pests of all kinds and their removal: Trojans & viruses on board via ICQ (Windows 7)
11.05.2010, 21:23 #1
Trojans & viruses on board via ICQ

Hello, unfortunately we too fell for the ICQ virus ("have a look at this photo"...). Since then our anti-virus program (McAfee) has had a lot to do. Almost every day it finds new trojans or viruses and puts them into quarantine (e.g. Generic.dx!sqg). Of course I then remove them with McAfee. But somehow I have the feeling that I am not getting rid of them this way, or rather I don't know why so many "pests" suddenly find their way onto our PC. Now I am hoping for your help. I read your instructions carefully and hope that I did everything right :-) I installed CCleaner and let it run. All errors are fixed. After that I continued with Malwarebytes and RSIT. Here are the results:

Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4090

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

11.05.2010 20:53:36
mbam-log-2010-05-11 (20-53-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127807
Laufzeit: 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Delete on reboot.

Here are the two RSIT logfiles:

info.txt
Code:
logfile of random's system information tool 1.06 2010-05-11 21:08:12

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55B781F0-060E-11D4-99D7-00C04FCCB775}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C183A21C-395A-490F-99D4-CCAB35E32859}\Setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97260AE9-A1EE-492E-8DCC-FD0AFF785720}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}\setup.exe" -l0x7 -removeonly
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
AAVUpdateManager-->MsiExec.exe /X{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0.2 Patcher-->MsiExec.exe /I{4F0F82CF-F03A-4681-8606-C4FB3AE30E3A}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x7 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0407
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FHMcomCharMarsh_scenes Screen Saver-->C:\Windows\system32\FHMcomCharMarsh_scenes.scr /u
FUSSBALL MANAGER 07-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 07\EAUninstall.exe
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -ISnSZIRXz.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.1-->"C:\Program Files\InstallShield Installation Information\{71BFC818-0CED-42D6-9C87-5142918957EE}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LAN Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5958CAC6-373E-402F-84FE-0A699AA920B9}\setup.exe" -l0x7 -removeonly
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0007 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x7 LG -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Medal of Honor Airborne-->MsiExec.exe /X{25F28E39-FDBB-11DB-8314-0800200C9A66}
Medal of Honor Allied Assault(tm) Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x7
Medal of Honor Pacific Assault(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\setup.exe" -l0x7 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Native Instruments - Traktor 1.06-->C:\Audio\NATIVE~1\Traktor\UNINST~1\106\UNWISE.EXE C:\Audio\NATIVE~1\Traktor\UNINST~1\106\INSTALL.LOG
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Secure Module 4.6.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3D79DB6E-73DA-46C9-B8FA-DAE52108246F} UNINSTALL
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Revo Uninstaller 1.87-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x7 UNINSTALL -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Silent Hill Homecoming-->"C:\Program Files\Steam\steam.exe" steam://uninstall/19000
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sony Snymsico for Vista-->MsiExec.exe /I{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x7 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steuer-Spar-Erklärung 2008-->C:\Windows\unin0407.exe -fc:\users\anne\steuerpr\DeIsL1.isu
Steuer-Spar-Erklärung 2009-->MsiExec.exe /X{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VAIO Aqua Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly
VAIO Camera Capture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x7 -removeonly
VAIO Camera Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\setup.exe" -l0x7 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC37C108-821D-4EDE-8F40-D5B497586805}\setup.exe" -l0x7 -removeonly
VAIO Cozy Orange Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly
VAIO Data Restore Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\Setup.exe" -l0x7
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -l0x7 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x7 -removeonly
VAIO Hardware Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A947C2B3-7445-42C4-9063-EE704CACCB22}\Setup.exe" -l0x7
VAIO Information FLOW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}\setup.exe" -l0x7 -removeonly
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x7 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Integrated Server 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Photo 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}\setup.exe" -l0x11 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Tender Green Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x7 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x7 -removeonly
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Zulu DJ Software-->C:\Program Files\NCH Software\Zulu\uninst.exe

======Security center information======

AS: Windows-Defender (disabled) (outdated)

======System event log======

Computer Name: Marc-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Microsoft-Windows-DGT-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18107() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 295263
Source Name: Microsoft-Windows-Servicing
Time Written: 20091104172022.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Microsoft-Windows-DGT-Package-MiniLP~31bf3856ad364e35~x86~de-DE~7.0.6002.18107() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 295262
Source Name: Microsoft-Windows-Servicing
Time Written: 20091104172022.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Microsoft-Windows-AutomationAPI-Package~31bf3856ad364e35~x86~~6.0.6002.18156() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 295261
Source Name: Microsoft-Windows-Servicing
Time Written: 20091104172022.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Microsoft-Windows-AutomationAPI-Package~31bf3856ad364e35~x86~zh-TW~6.0.6002.18156() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 295260
Source Name: Microsoft-Windows-Servicing
Time Written: 20091104172022.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Microsoft-Windows-AutomationAPI-Package~31bf3856ad364e35~x86~zh-HK~6.0.6002.18156() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 295259
Source Name: Microsoft-Windows-Servicing
Time Written: 20091104172022.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: Marc-PC
Event Code: 0
Message:
Record Number: 94392
Source Name: McAfee SiteAdvisor Service
Time Written: 20090219100758.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 2570
Message: Der Adobe Active File-Monitor-Service wurde gestartet.
Record Number: 94391
Source Name: Adobe Active File Monitor 5.0
Time Written: 20090219100757.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 902
Message: Der Softwarelizenzierungsdienst wurde gestartet.
Record Number: 94390
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090219100757.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0
Record Number: 94389
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090219100757.000000-000
Event Type: Informationen
User:

Computer Name: Marc-PC
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}
{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}
{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}
{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}
{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}
{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}
{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}
{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}
{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}
Record Number: 94388
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090219100757.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Marc-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.
Fehlercode: 2
Record Number: 70790
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312135057.252110-000
Event Type: Überwachung gescheitert
User:

Computer Name: Marc-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.
Fehlercode: 2
Record Number: 70789
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312135057.251110-000
Event Type: Überwachung gescheitert
User:

Computer Name: Marc-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
Record Number: 70788
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312113944.563110-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Marc-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: MARC-PC$
    Kontodomäne: ARBEITSGRUPPE
    Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
    Sicherheits-ID: S-1-5-18
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-ID: 0x3e7
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
    Prozess-ID: 0x2f0
    Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
    Arbeitsstationsname:
    Quellnetzwerkadresse: -
    Quellport: -

Detaillierte Authentifizierungsinformationen:
    Anmeldeprozess: Advapi
    Authentifizierungspaket: Negotiate
    Übertragene Dienste: -
    Paketname (nur NTLM): -
    Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 70787
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312113944.563110-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Marc-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: MARC-PC$
    Kontodomäne: ARBEITSGRUPPE
    Anmelde-ID: 0x3e7
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
    Zielservername: localhost
    Weitere Informationen: localhost

Prozessinformationen:
    Prozess-ID: 0x2f0
    Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
    Netzwerkadresse: -
    Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 70786
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312113944.563110-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Anne at 2010-05-11 21:07:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 9 GB (9%) free of 105 GB
Total RAM: 2045 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:09, on 11.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Anne\AppData\Local\Temp\nvdis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Anne\AppData\Local\Temp\nvdis.exe
C:\Users\Public\winsvcn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anne\Desktop\RSIT.exe
C:\Program Files\trend micro\Anne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WinSrvsMngr] C:\Users\Public\winupdmgr.exe
O4 - HKCU\..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe
O4 - HKCU\..\Run: [Windows Control Service] C:\Users\Public\winvscn.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\Anne\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R9EUVHTJ\INDEX_~2.SH! C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EWLI1C0M\INDEX_~1.SH! C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UHOVKXKH\INFDD4~1.SH! (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Anne\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R9EUVHTJ\INDEX_~2.SH! C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EWLI1C0M\INDEX_~1.SH! C:\Users\Anne\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UHOVKXKH\INFDD4~1.SH! (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Anne\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki...
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. 
- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - K:\Spiele\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - 
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13136 bytes ======Scheduled tasks folder====== C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job C:\Windows\tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\BAE.dll [2006-06-23 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048] {855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar 
- C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "Apoint"=C:\Program Files\Apoint\Apoint.exe [2006-09-11 118784] "VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2006-11-14 411768] "ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2006-11-11 43128] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-07 7766016] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-07 81920] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2009-07-08 5134864] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "Steam"=C:\Program Files\Steam\Steam.exe [2010-05-09 1238352] "WinSrvsMngr"=C:\Users\Public\winupdmgr.exe [2010-04-28 77824] "WindowsUpdateService"=C:\Users\Public\winsvcn.exe [2010-04-19 73728] "Windows Control Service"=C:\Users\Public\winvscn.exe [2010-04-28 80384] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "Google Updater"=C:\Users\Anne\AppData\Local\Temp\nvdis.exe [2010-05-02 159744] "ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-04-22 133368] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth 
Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup LaunchU3.exe.lnk - C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon] C:\Windows\system32\VESWinlogon.dll [2006-11-24 73728] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2927658-3589-11de-bcf2-9d6fa5278c9f}] shell\AutoRun\command - H:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-11 21:07:45 ----D---- C:\Program Files\trend micro 2010-05-11 21:07:44 ----D---- C:\rsit 2010-05-11 19:26:34 ----D---- C:\Users\Anne\AppData\Roaming\Malwarebytes 2010-05-11 19:26:22 ----D---- C:\ProgramData\Malwarebytes 2010-05-11 19:26:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-11 18:58:55 ----D---- C:\Program Files\CCleaner 2010-05-03 15:23:12 ----RSHD---- C:\RECYCLER 2010-04-28 22:01:56 ----SHD---- C:\Config.Msi 2010-04-22 20:06:21 ----D---- C:\Program Files\ICQ7.1 2010-04-22 12:44:10 ----D---- C:\Program Files\VS Revo Group 2010-04-15 06:33:10 ----A---- C:\Windows\system32\vbscript.dll 2010-04-15 06:33:05 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-04-15 06:33:04 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-04-15 06:32:32 ----A---- C:\Windows\system32\iphlpsvc.dll 2010-04-14 10:28:59 ----A---- C:\Windows\system32\wintrust.dll 2010-04-14 10:28:56 ----A---- C:\Windows\system32\cabview.dll ======List of files/folders modified in the last 1 months====== 2010-05-11 21:07:55 ----D---- C:\Windows\Temp 2010-05-11 21:07:45 ----RD---- C:\Program Files 2010-05-11 21:02:50 ----D---- C:\Program Files\Common Files\Steam 2010-05-11 21:02:26 ----D---- C:\Program Files\Steam 2010-05-11 20:58:49 ----D---- C:\Windows 2010-05-11 20:58:02 ----RSD---- C:\Windows\Fonts 2010-05-11 20:58:02 ----D---- C:\Windows\system32\drivers 2010-05-11 20:57:52 ----D---- C:\Program Files\ICQToolbar 2010-05-11 20:55:08 ----D---- C:\Windows\Minidump 2010-05-11 19:26:22 
----HD---- C:\ProgramData 2010-05-11 19:04:31 ----D---- C:\Windows\Debug 2010-05-11 11:40:06 ----D---- C:\Windows\tracing 2010-05-11 09:48:19 ----SHD---- C:\System Volume Information 2010-05-11 09:45:12 ----D---- C:\Users\Anne\AppData\Roaming\ICQ 2010-05-10 23:24:30 ----D---- C:\Windows\Prefetch 2010-05-09 01:03:18 ----D---- C:\Users\Anne\AppData\Roaming\Skype 2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe 2010-05-01 18:37:03 ----D---- C:\Windows\System32 2010-05-01 18:37:03 ----D---- C:\Windows\inf 2010-05-01 18:37:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-04-29 08:35:00 ----D---- C:\ProgramData\NOS 2010-04-29 08:34:56 ----SD---- C:\Windows\Downloaded Program Files 2010-04-28 22:07:51 ----SHD---- C:\Windows\Installer 2010-04-28 22:05:36 ----D---- C:\ProgramData\Adobe 2010-04-28 22:04:11 ----D---- C:\Program Files\Common Files\Adobe 2010-04-28 22:03:25 ----D---- C:\Program Files\Adobe 2010-04-28 19:02:37 ----D---- C:\Windows\winsxs 2010-04-28 10:16:16 ----D---- C:\Windows\system32\catroot2 2010-04-28 10:16:16 ----D---- C:\Windows\system32\catroot 2010-04-26 21:47:31 ----SD---- C:\Users\Anne\AppData\Roaming\Microsoft 2010-04-22 20:07:28 ----D---- C:\Program Files\ICQ6Toolbar 2010-04-22 20:07:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-22 20:07:20 ----D---- C:\ProgramData\ICQ 2010-04-22 12:48:07 ----D---- C:\Program Files\EA GAMES 2010-04-15 19:19:40 ----D---- C:\Program Files\Windows Mail ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2006-10-18 10216] R1 mfehidk;McAfee Inc. 
mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R2 ACEDRV07;ACEDRV07; \??\C:\Windows\system32\drivers\ACEDRV07.sys [2007-09-12 101376] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mfesmfk;McAfee Inc. 
mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552] R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-07 4456416] R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-10-27 72704] R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-10-27 43904] R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-10-13 27520] R3 SonyImgF;Sony Image Conversion Filter Driver; C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-06 650240] R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2006-11-06 227328] R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys 
[2006-11-02 200704] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-21 113792] S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600] S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960] S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 SI3132;SiI-3132 SATALink Controller; C:\Windows\system32\DRIVERS\SI3132.sys [2006-11-01 74672] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AAV UpdateService;AAV UpdateService; 
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640] R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824] R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-11-24 182392] R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment 
Platform\VzCdb\VzCdbSvc.exe [2006-09-26 172032] R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2006-09-26 135168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560] R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-08-23 274432] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 PnkBstrA;PunkBuster; K:\Spiele\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe [2006-10-04 57344] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [2006-10-04 57344] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [2006-10-04 69632] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-11 390952] S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment 
Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-01-12 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-01-16 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-01-08 491520]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

I hope the problem is manageable and you can help me?! Regards, Nuari
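What a helper looks for first in a log like the one above is persistence that does not belong: HKCU Run values pointing at C:\Users\Public\ and at the user's Temp folder under names that imitate Windows or Google components, plus a service whose binary is "(file missing)". The following Python script is an added example, not part of the original thread and not code from RSIT, HijackThis or any other tool mentioned here. It automates that first pass over HijackThis-style O4 and O23 lines. The sample lines are copied from the log above; the directory lists, decoy-word list and trusted roots are assumptions of the example and deliberately small.

```python
import re
from dataclasses import dataclass

# Locations an unprivileged user can write to. Persistence launched from here
# is the classic footprint of a user-mode dropper (assumption of this example:
# a starting list, not an exhaustive one).
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\local\\temp\\",
                 "\\windows\\temp\\", "\\programdata\\temp\\")

# Words a decoy value name borrows to look like an OS or vendor component
# (assumption of this example).
DECOY_WORDS = ("windows", "microsoft", "google", "update", "service", "svc", "mngr")

# Roots where genuine vendor binaries live; a decoy name pointing elsewhere
# is worth a second look (assumption of this example).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                 "%programfiles%\\", "%systemroot%\\", "%windir%\\")

# HijackThis O4 (Run/RunOnce value) and O23 (service) line formats.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable from a Run command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted paths may contain spaces; stop at the first .exe/.dll/... token
    # that is followed by whitespace or end of line.
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(lines):
    """Flag autoruns and services that a first-pass reviewer would question."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd")).lower()
            name = m.group("name").strip().lower()
            if any(d in path for d in USER_WRITABLE):
                findings.append(Finding(line, "autorun launched from a user-writable directory"))
            elif any(w in name for w in DECOY_WORDS) and not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding(line, "system-sounding value name outside trusted roots"))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path").lower():
            findings.append(Finding(line, "service registered but binary missing"))
    return findings


# Constructed sample: nine entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WinSrvsMngr] C:\Users\Public\winupdmgr.exe
O4 - HKCU\..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe
O4 - HKCU\..\Run: [Windows Control Service] C:\Users\Public\winvscn.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\Anne\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}: {f.line}")
```

Run against the sample it reports the four Users\Public and Temp autoruns and the missing Symantec service binary, and stays silent on Windows Defender, Steam, ICQ and the McAfee service. The point of the location rule is that it is independent of signatures: a full Malwarebytes scan that comes back clean, as the one later in this thread does, says nothing about files that no signature covers yet, whereas a "WindowsUpdateService" value launching an executable from C:\Users\Public\ is suspicious regardless of what any scanner thinks of the file.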
12.05.2010, 08:10 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & viruses on board via ICQ

Hello, and please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL
Please download OTL by OldTimer and save it to your desktop
12.05.2010, 19:35 | #3
Trojans & viruses on board via ICQ

Good evening :-)

...so, I have run the required "scans". Here are the results...

Malwarebytes full scan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4090

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

12.05.2010 20:11:58
mbam-log-2010-05-12 (20-11-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 261561
Time elapsed: 1 hour(s), 31 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL analysis
ATTFilter OTL Extras logfile created on: 12.05.2010 20:20:51 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Anne\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,48 Gb Total Space | 8,11 Gb Free Space | 7,91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARC-PC Current User Name: Anne Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0141EDB0-F960-4172-8804-B45B3A232AF7}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{1F2BCF97-3B63-43ED-A967-45E7B3EB1A79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{206F1429-4A88-4892-8AFD-4F55A879F9E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CA950DA-D07A-401B-94B1-00971756F81D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{2FE04B2E-8852-468C-B196-A1C2C1F8738E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{41A9ED02-183F-413A-863A-C3FD2CF56199}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{43C67D2C-93F6-45CB-AD6B-679557A0A4B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{4631936B-86E4-4874-AD7E-08AA514BE214}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47228324-D5D5-46F6-B118-B5A112BD19A4}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{5140A2D5-B875-4204-8861-9C6A5FA737F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D4009C5-2E18-43FA-BD3D-7A5C3BAC3285}" = lport=2869 | protocol=6 | dir=in | app=system |
"{651D9F11-EACB-4F6F-8E4E-84BA9D0D479D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71ECEB4B-8BA8-40A3-8A43-877EA060EA23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D6F06F9-D075-4B3C-BE10-EE161FB43399}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{8F0BD98C-19AA-4128-933D-9F2C5B9D914C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{94F08B2E-5D5B-409B-8834-E453152D6231}" = lport=2869 | protocol=6 | dir=in | app=system |
"{959313ED-3B20-4DBD-B96C-8CBE72353C98}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9895AE91-A12D-4333-8BC4-DAA499F0786B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A729F6A6-4818-4E52-B291-234775EDF72E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0B5536D-07C2-4495-8310-87F4784B286F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B451B642-36C0-4958-88DB-AFCCFC76AA1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD16ADA6-DC8C-4F77-8412-CA6B38BE7B31}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCC25534-C0E3-4932-8591-8C0F9072C4D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CDE06401-43F0-40F0-AED9-61C59149F50A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE0A00FB-87ED-4D89-95B2-1B5061A30643}" = lport=137 | protocol=17 | dir=in | app=system |
"{D03BB095-81B4-479D-8C53-F125BB48DFC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6661A68-D8EB-451A-9377-649D59423F63}" = rport=138 | protocol=17 | dir=out | app=system |
"{E7E650D8-8902-4DF3-97D4-EEE95B7FB120}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{E8F328FB-DD77-4A9E-9FA7-E0EFC9F4AF39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB6E9ED1-027A-47A3-9ABF-876F3B03C16C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DF6CFA-40D9-4F6E-812E-244ADD190DBA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{01F765A1-51AC-4FE2-B4D6-82B9F796A45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0934A995-5E1D-40C5-8C76-F57662C645B3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0C1A4BFC-9245-4B8C-8BBC-62F0B881B795}" = protocol=6 | dir=out | app=system |
"{12FED8DC-4327-4852-90A9-6C030F1C8076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BE306BD-B0AF-4FE8-9AB4-B91672B9C59A}" = protocol=6 | dir=in | app=k:\spiele\unrealengine3\binaries\moha.exe |
"{1DE5A667-C9B2-42D1-899E-B9EF26285B35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1E4543BB-B0D4-4EF2-8F3A-F6C2CAA1337E}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F1B7C13-3500-4A57-83E7-22258EF223CB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{21BA97E3-3912-4B1A-BC8F-95E869F7BA48}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2D6EE771-09AB-418C-A907-213BABBCADF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38977865-B776-4C23-8F96-916D5FF2022F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{38B3FCB6-8660-47CB-A596-F6F8C5DD2FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AF93B63-2332-4DBA-8179-189AA9B6883C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{3F151DB8-CB22-42F4-A71C-5D0CEB191CE5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{42CC82C8-2E6B-40BC-9F80-6950136DBDAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466FB82E-8856-43EC-AD4F-9566F31A6C50}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{470617E8-BBC3-43B2-97AD-D70B94D51ECE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{47DA29F6-350E-4B10-87F8-33A543052EA0}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BC438A4-EBE2-4DDA-934E-AA101BF0EBD1}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4DF8AE98-2C7B-4264-94C3-702485656403}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{528473FB-D777-470F-97E0-18DE3EB034CA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{56EC9C8F-DDA4-43F5-BFFD-B179C45BCDCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{660673FA-7965-4957-BA4A-EFD96BC6C499}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{66D6A128-2489-401E-8DA4-5AD9F4FBA5CA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{68F548E5-FE33-4889-BB29-DE409C695386}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E2FA903-96EC-4C86-AACE-D47569627ADE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{719B336D-4A89-4DC1-AE97-D503B6CBB8CA}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{72B391EA-350C-4AF4-84CE-E067857BB4D5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7BC495E8-9028-46B3-BEA4-C094F1AB9B2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{7DC6A0BE-92C8-4C2A-B988-766BEA24E577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8774E354-9337-4169-AEE6-9E0ED2EB756A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{89F67C38-4681-4EA9-8B2D-394F76E63B6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{8EA2BA9A-EEE5-4838-9856-E76823E77204}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8F1390D7-20DD-4F71-A31C-95FF949E0031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FAD7E95-34F5-40E9-B2B1-D13E708B14D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{965EC27F-A33D-4944-9635-B90D07FF64D3}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{96CE558F-7A8F-4ED4-A8F1-5888117ECBB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D27720D-A072-4C83-A49D-4F85F39F05C0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A5F0F7A4-760A-4B1E-93EB-7C1E0A749692}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A60A0443-36D7-4E5D-B6B4-794CFC8ADE2E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABBF4276-7C41-4245-8DBA-9FD3DFFC7355}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AD9CE05B-8592-4136-9CEC-56D760E64749}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B1F9FA6E-E0F1-45E4-A772-E18DCD96E036}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4C26E50-97F8-422C-B368-8B3A24A7E349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5AC7D36-CDC4-4A87-AE35-C03F49F42D6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B76C387E-F4CF-4559-80C9-09C892FFCB7D}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CF63EF43-9E90-451A-A6E4-08B4A51E04A0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D26C2798-68E4-410F-BC60-C1CA77A11255}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E32F4DD7-F9EF-43C8-900F-B00F87733314}" = protocol=6 | dir=out | app=system |
"{E7E34E0E-74DC-4621-B066-7E15046B796E}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EA746E8A-D78F-46AD-BB88-A98E2EB525C1}" = protocol=17 | dir=in | app=k:\spiele\unrealengine3\binaries\moha.exe |
"{F30C496E-16AA-401D-BDAA-7367B6CF0852}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{FAC39D9D-26A3-4B42-9251-EDCE7B23E862}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FD7BA1F4-65E2-42D8-B3E6-C22511F02535}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{08F15A51-F56B-4806-9750-7C5A00915B2A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{0F82C4F6-5137-4678-9C2E-9C475C6E7698}C:\gamigo games\smash online\smashonline.exe" = protocol=6 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"TCP Query User{3C9CB928-5274-4B86-918D-F121F30957C2}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{41F8FF9A-E754-4197-A181-07C122107456}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4B71AA99-3C8A-4C25-9417-754C4888EBD9}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{4E9E2498-84A8-4EA8-BA51-82FE9EFFC4AD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{85D0BB6C-00A7-4157-8D74-1B30BA151771}C:\gamigo games\smash online\smashonline.exe" = protocol=6 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"TCP Query User{9BD2CAB1-D359-4228-BF86-C886C6FD7165}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{A1E0452E-A800-4479-A94B-FD5A994DEBB8}K:\spiele marc\mohpa.exe" = protocol=6 | dir=in | app=k:\spiele marc\mohpa.exe |
"TCP Query User{A69C32EA-7AE5-49B1-97B4-4D462B5ADA56}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{D12E3683-DABF-47AB-AD67-B5B12B1FBF95}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D1F18FD1-22AE-4A35-9C09-172266AB94E0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{E2903D0C-9A2E-45B1-AD5A-DF7C7D848E42}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FF51C641-9D11-4490-B4D0-0630AB0AA7B2}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{131D1105-E9E5-4B7B-825C-5DA043D0BAB8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2BEEB9F6-7898-4305-BAB2-1C5400053AE4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{43F61BBF-0EF3-44CE-A262-2EAF0BF574EA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{50B42948-025E-4794-A238-8E6C4348DAC9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{598AF476-F7DE-4033-BED4-F71BB3B5B5BB}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{69305D07-EB96-471F-A7EC-31CCF0F58B9A}K:\spiele marc\mohpa.exe" = protocol=17 | dir=in | app=k:\spiele marc\mohpa.exe |
"UDP Query User{7154165B-8E16-4943-AE3D-CAD7B4640C0D}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"UDP Query User{A3972A2E-8CE7-4FEE-A610-B52032A1B841}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{AADBEFA2-8B0E-4285-B024-457FDBF5DB4D}C:\gamigo games\smash online\smashonline.exe" = protocol=17 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |
"UDP Query User{AB630CDF-AF47-442E-8274-21599DF66D78}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{B2A25010-496A-4DBC-BBDD-E48F167AF2DB}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{D4D94143-6833-4913-BB63-6DAF72A59827}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{DD79E6BA-B979-46A6-B44C-6B6A2259DE43}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{E0855FDB-5ADA-48BC-8537-8D9F47C8B927}C:\gamigo games\smash online\smashonline.exe" = protocol=17 | dir=in | app=c:\gamigo games\smash online\smashonline.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4F0F82CF-F03A-4681-8606-C4FB3AE30E3A}" = Adobe Photoshop Elements 5.0.2 Patcher
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97260AE9-A1EE-492E-8DCC-FD0AFF785720}" = 
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}" = 
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"FHMcomCharMarsh_scenes" = FHMcomCharMarsh_scenes Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSC" = McAfee SecurityCenter
"Native Instruments - Traktor 1.06" = Native Instruments - Traktor 1.06
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.87
"Skype_is1" = Skype 2.5
"Steam App 19000" = Silent Hill Homecoming
"Steuer-Spar-Erklärung 2008 deinstallieren" = Steuer-Spar-Erklärung 2008
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"XviD_is1" = XviD MPEG-4 Video Codec
"Zulu" = Zulu DJ Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2010 08:07:21 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winupdmgr.exe, Version 0.0.0.0, Zeitstempel 0x4bd7f51d, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x1020, Anwendungsstartzeit 01caef702186ba0f.
Error - 10.05.2010 04:36:53 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winvscn.exe, Version 0.0.0.0, Zeitstempel 0x4bd8364e, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0xc20, Anwendungsstartzeit 01caf01be016c204.

Error - 10.05.2010 06:38:13 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winupdmgr.exe, Version 0.0.0.0, Zeitstempel 0x4bd7f51d, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x4f8, Anwendungsstartzeit 01caf02cd913bea4.

Error - 10.05.2010 12:28:09 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winvscn.exe, Version 0.0.0.0, Zeitstempel 0x4bd8364e, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0xf94, Anwendungsstartzeit 01caf05d7d3d032f.

Error - 11.05.2010 03:44:08 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winvscn.exe, Version 0.0.0.0, Zeitstempel 0x4bd8364e, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x558, Anwendungsstartzeit 01caf0ddadfcc098.

Error - 11.05.2010 03:45:50 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: b28
Anfangszeit: 01caf0ddbd8f6a88
Zeitpunkt der Beendigung: 110

Error - 11.05.2010 15:01:21 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winvscn.exe, Version 0.0.0.0, Zeitstempel 0x4bd8364e, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x14dc, Anwendungsstartzeit 01caf13c43328282.

Error - 11.05.2010 15:03:05 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1398
Anfangszeit: 01caf13c4019d8a2
Zeitpunkt der Beendigung: 21

Error - 12.05.2010 12:37:41 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winvscn.exe, Version 0.0.0.0, Zeitstempel 0x4bd8364e, fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798, Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0x1474, Anwendungsstartzeit 01caf1f1613f9037.

Error - 12.05.2010 12:39:59 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 134c
Anfangszeit: 01caf1f1588b8937
Zeitpunkt der Beendigung: 22

[ System Events ]
Error - 11.05.2010 03:40:37 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7022
Description = 

Error - 11.05.2010 03:50:47 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7009
Description = 

Error - 11.05.2010 03:50:47 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 11.05.2010 14:59:41 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 11.05.2010 14:59:41 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 11.05.2010 15:00:17 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7022
Description = 

Error - 12.05.2010 03:32:07 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7011
Description = 

Error - 12.05.2010 12:30:19 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 12.05.2010 12:30:19 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000
Description = 

Error - 12.05.2010 12:31:17 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7022
Description = 

< End of report >

Code:
OTL logfile created on: 12.05.2010 20:20:51 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Anne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 8,11 Gb Free Space | 7,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARC-PC
Current User Name: Anne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Anne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Anne\AppData\Local\Temp\nvdis.exe ( )
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Public\winsvcn.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee) PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\ProgramData\U3\U3Launcher\LaunchU3.exe () PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) 
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) ========== Modules (SafeList) ========== MOD - C:\Users\Anne\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) 
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - 
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) 
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (SiFilter) -- C:\Windows\system32\drivers\siwinacc.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\Windows\system32\drivers\siremfil.sys (Silicon Image, Inc.) DRV - (SI3132) -- C:\Windows\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\TosRfhid.sys (TOSHIBA Corporation.) DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) 
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.23 05:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.24 22:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.29 08:34:56 | 000,000,000 | ---D | M]

[2008.08.19 16:43:16 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions
[2010.05.01 18:32:59 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\qc82bxfd.default\extensions
[2009.09.06 15:12:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\qc82bxfd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.30 04:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\qc82bxfd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.24 20:17:18 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-1.xml
[2009.12.09 23:19:09 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-2.xml
[2010.01.11 20:41:41 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-3.xml
[2010.01.13 20:22:34 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-4.xml
[2010.02.25 19:07:45 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin-5.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\FireFox\Profiles\qc82bxfd.default\searchplugins\icqplugin.xml
[2009.11.10 19:34:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.10.30 17:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.12.02 18:23:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 18:23:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 18:23:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.02 18:23:13 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 18:23:13 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Updater] C:\Users\Anne\AppData\Local\Temp\nvdis.exe ( )
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows Control Service] C:\Users\Public\winvscn.exe ()
O4 - HKCU..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [WinSrvsMngr] C:\Users\Public\winupdmgr.exe ()
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.11 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\sheepworld-003.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\sheepworld-003.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2927658-3589-11de-bcf2-9d6fa5278c9f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2927658-3589-11de-bcf2-9d6fa5278c9f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.12 20:18:47 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
[2010.05.11 21:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.11 21:07:44 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.11 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2010.05.11 19:26:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.11 19:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.11 19:26:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.11 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.11 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.03 15:23:12 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.04.28 22:01:56 | 000,000,000
| -HSD | C] -- C:\Config.Msi [2010.04.28 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Installationsprogramm für Adobe Reader 9 [2010.04.22 20:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1 [2010.04.22 12:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2010.04.15 06:33:10 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.15 06:33:05 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 06:33:04 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 06:32:43 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.15 06:32:43 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.12 20:20:01 | 003,145,728 | -HS- | M] () -- C:\Users\Anne\ntuser.dat [2010.05.12 20:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job [2010.05.12 20:19:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe [2010.05.12 18:39:08 | 000,033,625 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010.05.12 18:37:01 | 000,002,431 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2010.05.12 18:29:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.12 18:29:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.12 18:29:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.05.12 18:29:28 | 000,000,006 | -H-- | M] () -- 
C:\Windows\tasks\SA.DAT
[2010.05.12 18:29:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 13:26:11 | 000,000,625 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.12 13:25:40 | 000,524,288 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.12 13:25:40 | 000,065,536 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.12 13:21:23 | 002,643,114 | -H-- | M] () -- C:\Users\Anne\AppData\Local\IconCache.db
[2010.05.11 21:07:09 | 000,824,681 | ---- | M] () -- C:\Users\Anne\Desktop\RSIT.exe
[2010.05.11 19:26:25 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 18:59:03 | 000,001,712 | ---- | M] () -- C:\Users\Anne\Desktop\CCleaner.lnk
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.03 18:15:47 | 000,000,000 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\chrtmp
[2010.05.02 11:30:00 | 000,288,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.01 18:37:03 | 001,693,148 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.01 18:37:03 | 000,722,454 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.01 18:37:03 | 000,673,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.01 18:37:03 | 000,167,216 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.01 18:37:03 | 000,135,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.01 01:00:08 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 22:07:28 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.22 12:44:10 | 000,001,099 | ---- | M] () -- C:\Users\Anne\Desktop\Revo Uninstaller.lnk
[2010.04.15 16:09:10 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010.04.13 07:10:15 | 000,088,064 | ---- | M] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.12 13:26:11 | 000,000,625 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.11 21:07:00 | 000,824,681 | ---- | C] () -- C:\Users\Anne\Desktop\RSIT.exe
[2010.05.11 19:26:25 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 18:59:03 | 000,001,712 | ---- | C] () -- C:\Users\Anne\Desktop\CCleaner.lnk
[2010.05.03 18:15:47 | 000,000,000 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\chrtmp
[2010.04.28 22:04:24 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.22 12:44:10 | 000,001,099 | ---- | C] () -- C:\Users\Anne\Desktop\Revo Uninstaller.lnk
[2009.07.10 11:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.07.03 23:30:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.07.03 23:30:57 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.07.03 23:30:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.07.03 23:30:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2007.12.20 21:58:24 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007.06.19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.12.22 21:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2006.12.22 21:48:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2006.12.22 21:44:18 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.12.22 21:38:51 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006.12.01 10:24:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006.11.09 11:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.08 16:02:38 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.11.08 16:02:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.31 18:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.08.10 16:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

< End of report >

Regards, Nuari |
12.05.2010, 20:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Viruses on Board via ICQ Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
PRC - C:\Users\Public\winsvcn.exe ()
PRC - C:\Users\Anne\AppData\Local\Temp\nvdis.exe ( )
SRV - (CLTNetCnService) -- File not found
O4 - HKCU..\Run: [Google Updater] C:\Users\Anne\AppData\Local\Temp\nvdis.exe ( )
O4 - HKCU..\Run: [Windows Control Service] C:\Users\Public\winvscn.exe ()
O4 - HKCU..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [WinSrvsMngr] C:\Users\Public\winupdmgr.exe ()
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
[2010.05.12 18:29:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
:Files
C:\Users\Public\winsvcn.exe
C:\Users\Anne\AppData\Local\Temp\nvdis.exe
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open once you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
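The fix above removes four HKCU Run values with Windows-sounding names that point at unsigned binaries under C:\Users\Public and %TEMP%, plus a Startup-folder shortcut whose target sits in AppData. The following PowerShell script is an added example, not code from the thread or from OTL: it enumerates the same autostart locations on a live machine and flags entries by the heuristics a helper applies by eye (image under a user-writable path, image missing, or no valid Authenticode signature). It assumes Windows PowerShell 5.1 or newer and an elevated prompt; the list of "suspicious" roots is our assumption and can be tuned.

```powershell
# Added example, not from the thread: audit Run/RunOnce values and Startup-folder shortcuts
# and flag entries like the ones OTL removed above. Assumes Windows PowerShell 5.1+, run elevated.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Locations a legitimate installer does not use for an autostart binary (our assumption; tune as needed).
$SuspiciousRoots = @($env:PUBLIC, "$env:LOCALAPPDATA\Temp", $env:TEMP, "$env:APPDATA\Microsoft\Installer") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ImagePath {
    # Pull the executable path out of a Run value: "C:\a b\x.exe" /flag  or  C:\x.exe /flag
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cl, '^(.+?\.(exe|dll|scr|cmd|bat|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cl -split '\s+')[0]
}

function Test-AutorunEntry {
    # One record per autostart entry; Flagged is true when any heuristic fires.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path = Get-ImagePath $CommandLine
    $reasons = @()
    foreach ($root in $SuspiciousRoots) {
        if ($path -like "$root\*") { $reasons += "image under user-writable path $root" }
    }
    if ([string]::IsNullOrWhiteSpace($path) -or -not (Test-Path -LiteralPath $path)) {
        $reasons += 'image file missing (orphaned autostart)'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status $($sig.Status)" }
    }
    [pscustomobject]@{
        Flagged = ($reasons.Count -gt 0)
        Source  = $Source
        Name    = $Name
        Image   = $path
        Reason  = ($reasons -join '; ')
    }
}

function Get-AutorunAudit {
    $entries = @()
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($skip -contains $prop.Name) { continue }
            $entries += Test-AutorunEntry -Source $key -Name $prop.Name -CommandLine ([string]$prop.Value)
        }
    }
    # Startup-folder shortcuts: resolve each .lnk to its target, as OTL did for LaunchU3.exe.lnk.
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $startupDirs) {
        foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += Test-AutorunEntry -Source $dir -Name $lnk.Name -CommandLine $target
        }
    }
    return $entries
}

Get-AutorunAudit | Sort-Object Flagged -Descending | Format-Table -AutoSize Flagged, Name, Image, Reason
```

Read the Flagged rows first: a value such as "WindowsUpdateService" whose image is C:\Users\Public\winsvcn.exe with no signature is exactly the pattern fixed above. Entries that launch through rundll32 or a script host show that host as the image, so inspect their full command line by hand, and treat "missing image" hits as orphaned autostarts to clean up rather than as infections.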
12.05.2010, 22:48 | #5 |
| Trojans & Viruses on Board via ICQ Hello, here is the result:

All processes killed
========== OTL ==========
No active process named winsvcn.exe was found!
No active process named nvdis.exe was found!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater deleted successfully.
C:\Users\Anne\AppData\Local\Temp\nvdis.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Control Service deleted successfully.
C:\Users\Public\winvscn.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsUpdateService deleted successfully.
C:\Users\Public\winsvcn.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinSrvsMngr deleted successfully.
C:\Users\Public\winupdmgr.exe moved successfully.
C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk moved successfully.
C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe moved successfully.
C:\Windows\System32\Ikeext.etl moved successfully.
========== FILES ==========
File\Folder C:\Users\Public\winsvcn.exe not found.
File\Folder C:\Users\Anne\AppData\Local\Temp\nvdis.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 418769 bytes
->Temporary Internet Files folder emptied: 52406243 bytes
->Java cache emptied: 98953539 bytes
->FireFox cache emptied: 73792514 bytes
->Google Chrome cache emptied: 6089182 bytes
->Flash cache emptied: 12713 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Marc

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 600437 bytes
RecycleBin emptied: 500459 bytes

Total Files Cleaned = 223,00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05122010_233724

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET6E9A.tmp not found!
File\Folder C:\Windows\temp\mcafee_Fs9GM3zsGmcAfws not found!
File\Folder C:\Windows\temp\mcafee_suxCfhcNKrRMcOX not found!
File\Folder C:\Windows\temp\mcmsc_5hvyhYDLi2iMOhJ not found!
File\Folder C:\Windows\temp\mcmsc_VbixZDddX2KEcsG not found!
File\Folder C:\Windows\temp\mcmsc_Xh9MCtBNn6tgS53 not found!
File\Folder C:\Windows\temp\sqlite_5yWjCQJ3ZyE5Zyf not found!
File\Folder C:\Windows\temp\sqlite_hnK9mmbBOLeebrc not found!
File\Folder C:\Windows\temp\sqlite_jag6UFaPiGHz6qb not found!
File\Folder C:\Windows\temp\sqlite_Kf4gP9eMI38D4bB not found!

Registry entries deleted on Reboot...

Regards, Nuari |
13.05.2010, 14:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Viruses on Board via ICQ Now please do a run with CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it!
14.05.2010, 22:50 | #7 |
| Trojans & Viruses on Board via ICQ Hello, I tried several times to run ComboFix, unfortunately without success. The first time I got as far as the disclaimer; after that nothing happened at all. That was probably because I no longer had an internet connection. So I rebooted and started ComboFix again. Then I got a little further. ComboFix downloaded updates. For a short time I could see the window with "Please wait... ComboFix is being prepared to run". I never get any further (I have tried a few more times since). I actually followed all the instructions. After the first attempt to start ComboFix, McAfee switched itself back on. I then turned it off completely in the system configuration (unfortunately I do not know how else to disable it). Could McAfee be the cause? Regards, Nuari |
15.05.2010, 09:18 | #9 |
| Trojans & Viruses on Board via ICQ Hello, I tried ComboFix again today and it worked right away. Here is the log: Code:
ComboFix 10-05-14.06 - Anne 15.05.2010 9:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1066 [GMT 2:00]
Run from:: c:\users\Anne\Desktop\cofi.exe.exe
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV active.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Anne\AppData\Roaming\chrtmp
c:\users\Public\wincsvn.exe
.
((((((((((((((((((((((( Files created from 2010-04-15 to 2010-05-15 ))))))))))))))))))))))))))))))
.
2010-05-15 07:58 . 2010-05-15 07:59 -------- d-----w- c:\users\Anne\AppData\Local\temp
2010-05-15 07:58 . 2010-05-15 07:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 21:37 . 2010-05-12 21:37 -------- d-----w- C:\_OTL
2010-05-12 08:08 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 19:07 . 2010-05-11 19:08 -------- d-----w- c:\program files\trend micro
2010-05-11 19:07 . 2010-05-11 19:08 -------- d-----w- C:\rsit
2010-05-11 17:26 . 2010-05-11 17:26 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes
2010-05-11 17:26 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 17:26 . 2010-05-11 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-05-11 17:26 . 2010-05-11 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 17:26 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 16:58 . 2010-05-11 16:59 -------- d-----w- c:\program files\CCleaner
2010-04-22 18:06 . 2010-04-22 18:08 -------- d-----w- c:\program files\ICQ7.1
2010-04-22 10:44 . 2010-04-22 10:44 -------- d-----w- c:\program files\VS Revo Group
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 18:06 . 2008-03-24 15:14 -------- d-----w- c:\program files\Common Files\Steam
2010-05-14 18:06 . 2009-11-07 16:08 -------- d-----w- c:\program files\Steam
2010-05-14 06:42 . 2007-09-30 15:39 -------- d-----w- c:\users\Anne\AppData\Roaming\ICQ
2010-05-12 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-11 18:57 . 2007-09-30 15:39 -------- d-----w- c:\program files\ICQToolbar
2010-05-08 23:03 . 2007-08-29 17:58 -------- d-----w- c:\users\Anne\AppData\Roaming\Skype
2010-05-06 08:36 . 2009-10-02 17:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 16:37 . 2006-11-02 15:33 722454 ----a-w- c:\windows\system32\perfh007.dat
2010-05-01 16:37 . 2006-11-02 15:33 167216 ----a-w- c:\windows\system32\perfc007.dat
2010-04-29 06:35 . 2009-05-23 00:17 -------- d-----w- c:\programdata\NOS
2010-04-28 20:04 . 2006-12-01 08:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-22 18:07 . 2009-07-14 14:25 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-22 18:07 . 2006-11-30 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 18:07 . 2009-07-14 14:25 -------- d-----w- c:\programdata\ICQ
2010-04-22 10:48 . 2008-03-29 21:45 -------- d-----w- c:\program files\EA GAMES
2010-03-30 02:23 . 2009-10-30 15:04 -------- d-----w- c:\program files\ICQ6.5
2010-03-29 06:36 . 2007-09-28 23:00 -------- d-----w- c:\program files\McAfee
2010-03-05 14:01 . 2010-04-15 04:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 22:14 . 2010-02-22 18:10 1407 ----a-w- c:\windows\eReg.dat
2010-02-24 18:25 . 2007-08-29 17:58 69840 ----a-w- c:\users\Anne\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:10 . 2010-04-15 04:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-15 04:32 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-15 04:32 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 20:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 20:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 20:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 20:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 18:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 18:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 18:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-15 04:32 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-15 04:33 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-15 04:33 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-15 04:32 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-15 04:32 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-08 5134864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-25 2134016]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):55,2b,f7,a7,4b,01,ca,01

R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-10-27 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-10-27 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-06 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the "Scheduled Tasks" folder

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

2010-04-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{15A120CC-DE56-4CA8-A7F1-B6A324B7FAC3}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.aol.de/
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\qc82bxfd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Orphaned registry entries removed - - - -

AddRemove-{993960EE-CA4D-443F-8F88-E24260DD5FD2} - c:\program files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-15 09:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-2055621991-1177287905-3800235295-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,e5,6b,6e,d6,54,0c,21,fd,65,8a,ad,68,e3,d9,11,8f,6e,21,cb,5b,e5,fe,
0c,45,32,ed,08,9a,00,d7,21,52,1c,28,d5,fb,21,9f,f6,29,12,28,88,b0,bb,d6,6e,\
"??"=hex:e6,ee,9d,6e,d5,bd,99,7f,d1,7b,87,75,e6,94,78,33

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-15 10:15:14
ComboFix-quarantined-files.txt 2010-05-15 08:15

Pre-run: 9.277.329.408 bytes free
Post-run: 9.211.650.048 bytes free

- - End Of File - - D1B80553884DE7C5FD65A58DD4CC9530 |
16.05.2010, 18:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Viruses on Board via ICQ CF deleted something more there. Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
17.05.2010, 22:52 | #11 |
| Trojans & Viruses on Board via ICQ Ok, ... SuperAntiSpyware apparently found something more. Here are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4110

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

17.05.2010 20:24:13
mbam-log-2010-05-17 (20-24-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 266160
Time elapsed: 1 hour(s), 27 minute(s), 18 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/17/2010 at 11:41 PM

Application Version : 4.37.1000

Core Rules Database Version : 4945
Trace Rules Database Version: 2757

Scan type : Complete Scan
Total Scan Time : 02:15:38

Memory items scanned : 877
Memory threats detected : 0
Registry items scanned : 8357
Registry threats detected : 0
File items scanned : 138447
File threats detected : 5

Trojan.Agent/Gen-FakeAlert
C:\QOOBOX\QUARANTINE\C\USERS\PUBLIC\WINCSVN.EXE.VIR
C:\_OTL\MOVEDFILES\05122010_233724\C_USERS\PUBLIC\WINSVCN.EXE
C:\_OTL\MOVEDFILES\05122010_233724\C_USERS\PUBLIC\WINUPDMGR.EXE
C:\_OTL\MOVEDFILES\05122010_233724\C_USERS\PUBLIC\WINVSCN.EXE

Trojan.Agent/Gen
C:\_OTL\MOVEDFILES\05122010_233724\C_USERS\ANNE\APPDATA\LOCAL\TEMP\NVDIS.EXE

Regards, Nuari, and thanks already for your great help!!! |
18.05.2010, 10:56 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Viruses on Board via ICQ Looks ok. SASW only found files that we already deleted with OTL and CF; basically these are hits in the quarantine folders, where the files are harmless. Is the system back to normal?
__________________ Please always post logfiles in CODE tags |
18.05.2010, 18:00 | #13 |
| Trojans & Viruses on Board via ICQ Ah, ok. ...Yes, I think everything is pretty much fine again. McAfee is quiet and everything somehow runs more smoothly... Many, many thanks :-) What happens next? Can the files that are in quarantine be deleted, etc.? (I just re-read the SUPERAntiSpyware guide again - point 4...). Regards, Anne |
18.05.2010, 18:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Viruses on Board via ICQ Yes, if those items bother you, delete them from quarantine. Then it is time to check your updates:

Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

PDF reader update
Your Adobe Reader is not current, which is a major security risk. You should therefore uninstall the old version via Control Panel => Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
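Before uninstalling "all listed Java versions" it helps to see what is actually installed, since old Java and Adobe Reader releases often sit next to newer ones under different display names. The following PowerShell script is an added example, not from the thread or from any of the tools it uses: it reads the Uninstall keys (both native and WOW6432Node, plus per-user installs) and lists every Java, Adobe Reader and Flash Player entry with its version and uninstall command. It assumes Windows PowerShell 5.1 or newer; the display-name patterns are our assumption about vendor naming and may need adjusting for other products.

```powershell
# Added example, not from the thread: inventory installed Java, Adobe Reader and Flash Player
# versions from the Uninstall keys so stale releases can be removed before updating.
# Assumes Windows PowerShell 5.1+. The name patterns are our assumption about vendor naming.

$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Patterns = 'Java*', 'J2SE*', 'Adobe Reader*', 'Adobe Acrobat Reader*', 'Adobe Flash Player*'

function Get-InstalledReaderRuntimes {
    # Every matching Uninstall entry becomes one row; several rows for one product means leftovers.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $dn = $_.DisplayName
            $dn -and ($Patterns | Where-Object { $dn -like $_ })
        } |
        Select-Object @{ n = 'Product';   e = { $_.DisplayName } },
                      @{ n = 'Version';   e = { $_.DisplayVersion } },
                      @{ n = 'Installed'; e = { $_.InstallDate } },
                      @{ n = 'Uninstall'; e = { $_.UninstallString } } |
        Sort-Object Product, Version
}

Get-InstalledReaderRuntimes | Format-Table -AutoSize
```

Run it before and after the clean-up: beforehand, every row for a product except the newest is a candidate for removal via its Uninstall command; afterwards, exactly one current row per product should remain.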
21.05.2010, 16:34 | #15 |
| Trojans & Viruses on Board via ICQ Thanks for the tips! I have checked and updated everything. Sorry if I ask such silly questions, but what about the programs installed so far to fix my problem (Malwarebytes, OTL, RSIT, CCLEANER, SASW) - can/should I uninstall them again? Which of them would be useful to keep? Could they perhaps cause problems with my anti-virus program (McAfee)? Best regards, Anne |