
All kinds of pests and how to fight them: fheydbueyj.exe in autostart. What is it?

Windows 7 - If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

Old 18.10.2010, 13:06   #1
p3ng
 
fheydbueyj.exe in autostart. What is it?

Hello,
I wanted to ask whether someone could take a look at my autostart and tell me what belongs there and what doesn't!

This file: fheydbueyj.exe is one I can't explain, at any rate!

I've also googled the file but found nothing useful.
Can anyone tell me what it is? Thanks in advance

Old 18.10.2010, 15:14   #2
kira
/// Helper Team
 
fheydbueyj.exe in autostart. What is it?

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the liability risks that come with it:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the consequences that arise from them.
    - so any liability for damage arising from them is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - in the log lists or log files used (such as your real name, serial numbers in programs etc.) you may delete them or replace them with [X]
  • The system check and clean-up:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical clean-up is no longer possible and you have to reinstall
  • During the support period:
    - please do not act on your own without consultation! Ask if you have problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to observe before opening a thread?
► you have probably picked up a nasty pest

1.
- Download RSIT

2.
Please make hidden and system files visible; click the link here:
Make system files and folders visible under XP and Vista
At the end of our work you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file to your desktop
→ on Windows XP Home you must additionally install tasklist.zip before the scan
→ start it by double-click
→ choose your operating system - on Win7 choose Vista
→ when asked, choose the option "Einstellung" (1) - scanlist"
→ after a short time your editor should open and present the file hjtscanlist.txt
→ please copy the contents here into your thread.

4.
I would also like to see all your installed programs:
Download the tool "CCleaner"
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, untick it) → start it → if necessary, set "german" under Options → Settings
then click "Extra" (to show the installed programs too) → then "Save as text file..."
a text file (*.txt) will be created; copy its contents and paste them here

5.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! It is NOT sensible to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled; no connection to the internet, disconnect WLAN too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan has finished click "Copy" (the log is copied to the clipboard automatically) and paste it right here with CTRL + V
    - "Ok" closes GMER.
    - paste the log from the clipboard here in your thread in full

** no connection to a network or the internet - don't forget WLAN
When the scan has finished, please re-enable all programs and tools!

6.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Download and install the tool RootRepeal
  • tick: "Drivers" -> "Scan" -> "Save Report"...
  • "Stealth Objects" -> "Scan" -> "Save Report"...
  • "Hidden Services" -> "Scan" -> "Save Report"...
  • save the log file as "RootRepeal.txt" on the desktop and copy its contents here into the thread

Quote:
To keep your thread tidy and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
here goes your log file - e.g. hjtscanlist or similar
→ after it - i.e. at the end of the log file: [/code]
** As far as possible, don't go online; no online banking, file sharing, chat programs etc.
regards
Coverflow

Old 21.10.2010, 12:00   #3
p3ng
 
fheydbueyj.exe in autostart. What is it?

Hello,
it took a bit of time to gather everything.
But here are the log files.... I hope it isn't too confusing!

rsit log:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-20 15:20:30
WIN_XP Service Pack 3
System drive C: has 211 MB (3%) free of 7 GB
Total RAM: 3582 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:40, on 20.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\ICQ6.5\ICQ.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6158 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]
C:\fheydbueyj.exe\fheydbueyj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2009-05-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\SIERRA\Steam\steamapps\***************\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\************\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "D:\Programme\************************************" "%1"

======List of files/folders created in the last 1 months======

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro
2010-10-18 20:04:35 ----D---- C:\rsit
2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

======List of files/folders modified in the last 1 months======

2010-10-20 15:17:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
2010-10-20 15:17:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-20 15:03:15 ----SD---- C:\WINDOWS\Tasks
2010-10-20 15:01:40 ----D---- C:\WINDOWS\Temp
2010-10-20 15:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-20 13:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-20 13:27:08 ----D---- C:\WINDOWS\Prefetch
2010-10-20 09:39:16 ----D---- C:\WINDOWS
2010-10-20 02:11:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-19 16:50:31 ----HD---- C:\fheydbueyj.exe
2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software
2010-10-19 12:08:01 ----RD---- C:\Programme
2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix
2010-10-19 11:50:01 ----D---- C:\WINDOWS\system32\drivers
2010-10-18 20:06:57 ----SHD---- C:\WINDOWS\Installer
2010-10-18 20:06:42 ----SHD---- C:\Config.Msi
2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft
2010-10-16 21:23:26 ----D---- C:\WINDOWS\security
2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]

-----------------EOF-----------------

Hijacklist-log

C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]
C:\fheydbueyj.exe\fheydbueyj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2009-05-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\SIERRA\Steam\steamapps\XXXX\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\XXXXXX\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\SIERRA\Steam\steamapps\***************\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\************\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "D:\Programme\************************************" "%1"

======List of files/folders created in the last 1 months======

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro
2010-10-18 20:04:35 ----D---- C:\rsit
2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

======List of files/folders modified in the last 1 months======

2010-10-20 15:17:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
2010-10-20 15:17:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-20 15:03:15 ----SD---- C:\WINDOWS\Tasks
2010-10-20 15:01:40 ----D---- C:\WINDOWS\Temp
2010-10-20 15:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-20 13:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-20 13:27:08 ----D---- C:\WINDOWS\Prefetch
2010-10-20 09:39:16 ----D---- C:\WINDOWS
2010-10-20 02:11:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-19 16:50:31 ----HD---- C:\fheydbueyj.exe
2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software
2010-10-19 12:08:01 ----RD---- C:\Programme
2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix
2010-10-19 11:50:01 ----D---- C:\WINDOWS\system32\drivers
2010-10-18 20:06:57 ----SHD---- C:\WINDOWS\Installer
2010-10-18 20:06:42 ----SHD---- C:\Config.Msi
2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft
2010-10-16 21:23:26 ----D---- C:\WINDOWS\security
2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]

-----------------EOF-----------------
         
Hjtscanlist:

Code:
 
                        ╔════════════════════════════════════╗
                        ║                                    ║
                                    hjtscanlist v2.0
                        ║                                    ║
                        ╚════════════════════════════════════╝

Microsoft Windows XP [Version 5.1.2600]
 
 
C:

        C:\pagefile.sys ---------  
  20.10.2010 15:00      C:\aaw7boot.log --------- 70286 
  20.10.2010 09:39      C:\WINDOWS --------- 0 
  19.10.2010 16:50      C:\fheydbueyj.exe --------- 0 
  19.10.2010 12:08      C:\Programme --------- 0 
  18.10.2010 20:06      C:\Config.Msi --------- 0 
  18.10.2010 20:04      C:\rsit --------- 0 
  25.08.2010 20:35      C:\Dokumente und Einstellungen --------- 0 
  25.08.2010 20:32      C:\boot.ini --------- 211 
  25.08.2010 16:34      C:\boot.ini.backup.txt --------- 325 
  25.08.2010 16:14      C:\RECYCLER --------- 0 
  25.08.2010 16:10      C:\System Volume Information --------- 0 
  31.05.2010 13:39      C:\MSOCache --------- 0 
  20.05.2010 10:56      C:\ntldr --------- 251712 
  20.01.2010 22:12      C:\ptcsetup.log --------- 5653 
  20.01.2010 22:11      C:\ptcsetup.bak --------- 17723 
  28.08.2009 11:36      C:\crashAddress.txt --------- 160 
  25.06.2009 17:08      C:\1100 --------- 0 
  11.06.2009 20:43      C:\usr --------- 0 
  03.03.2009 13:25      C:\found.000 --------- 0 
  22.02.2009 21:07      C:\ImageOutput --------- 0 
  21.01.2009 14:27      C:\Intel --------- 0 
  21.01.2009 14:24      C:\csb.log --------- 10 
  21.01.2009 00:57      C:\ATI --------- 0 
  21.01.2009 00:48      C:\MSDOS.SYS --------- 0 
  21.01.2009 00:48      C:\IO.SYS --------- 0 
  21.01.2009 00:48      C:\AUTOEXEC.BAT --------- 0 
  21.01.2009 00:48      C:\CONFIG.SYS --------- 0 
  11.11.2004 14:00      C:\NTDETECT.COM --------- 47564 
  11.11.2004 14:00      C:\bootfont.bin --------- 4952 
----------------------------------------

 
C:\WINDOWS

  20.10.2010 15:01     C:\WINDOWS\0.log --------- 0 
  20.10.2010 15:01     C:\WINDOWS\wiadebug.log --------- 159 
  20.10.2010 15:00     C:\WINDOWS\wiaservc.log --------- 50 
  20.10.2010 15:00     C:\WINDOWS\bootstat.dat --------- 2048 
  20.10.2010 13:45     C:\WINDOWS\SchedLgU.Txt --------- 32386 
  20.10.2010 13:45     C:\WINDOWS\WindowsUpdate.log --------- 1288 
  19.10.2010 20:15     C:\WINDOWS\setupapi.log --------- 5090 
  25.05.2010 21:50     C:\WINDOWS\citamis.str --------- 3241 
  20.05.2010 11:41     C:\WINDOWS\SiInst.ini --------- 1331 
  20.05.2010 11:14     C:\WINDOWS\WMSysPr9.prx --------- 316640 
  03.05.2010 14:24     C:\WINDOWS\wininit.ini --------- 209 
  03.05.2010 13:31     C:\WINDOWS\win.ini --------- 477 
  03.05.2010 13:31     C:\WINDOWS\system.ini --------- 227 
  14.01.2010 21:02     C:\WINDOWS\pwc62ud.INI --------- 279 
  14.01.2010 17:32     C:\WINDOWS\ODBC.INI --------- 400 
  14.01.2010 17:32     C:\WINDOWS\vbaddin.ini --------- 63 
  27.08.2009 14:20     C:\WINDOWS\ULead32.ini --------- 315 
  27.08.2009 14:20     C:\WINDOWS\u3dedit3.INI --------- 2602 
  21.01.2009 16:31     C:\WINDOWS\HideWin.exe --------- 319488 
  21.01.2009 15:46     C:\WINDOWS\gdrv.sys --------- 15600 
  21.01.2009 15:36     C:\WINDOWS\winamp.ini --------- 1065 
  21.01.2009 14:32     C:\WINDOWS\nsreg.dat --------- 0 
  21.01.2009 01:03     C:\WINDOWS\ativpsrm.bin --------- 0 
  21.01.2009 00:51     C:\WINDOWS\REGLOCS.OLD --------- 8192 
  21.01.2009 00:48     C:\WINDOWS\control.ini --------- 0 
  21.01.2009 00:47     C:\WINDOWS\ODBCINST.INI --------- 4161 
  21.01.2009 00:47     C:\WINDOWS\WindowsShell.Manifest --------- 749 
  21.01.2009 00:45     C:\WINDOWS\vb.ini --------- 36 
  17.10.2008 16:19     C:\WINDOWS\atiogl.xml --------- 15079 
  23.07.2008 17:51     C:\WINDOWS\RTHDCPL.exe --------- 16804864 
  15.07.2008 14:58     C:\WINDOWS\RtlExUpd.dll --------- 524288 
  15.07.2008 14:47     C:\WINDOWS\RtlUpd.exe --------- 1196032 
  19.06.2008 17:42     C:\WINDOWS\alcwzrd.exe --------- 2808832 
  19.06.2008 17:27     C:\WINDOWS\RTLCPL.exe --------- 9715200 
  19.06.2008 17:20     C:\WINDOWS\Alcmtr.exe --------- 57344 
  18.06.2008 19:01     C:\WINDOWS\SoundMan.exe --------- 77824 
  14.04.2008 07:53     C:\WINDOWS\winhlp32.exe --------- 288768 
  14.04.2008 07:53     C:\WINDOWS\slrundll.exe --------- 32866 
  14.04.2008 07:53     C:\WINDOWS\regedit.exe --------- 153600 
  14.04.2008 07:52     C:\WINDOWS\notepad.exe --------- 70144 
  14.04.2008 07:52     C:\WINDOWS\hh.exe --------- 10752 
  14.04.2008 07:52     C:\WINDOWS\explorer.exe --------- 1036800 
  14.04.2008 07:52     C:\WINDOWS\twain_32.dll --------- 50688 
  01.01.2008 01:58     C:\WINDOWS\Sti_Trace.log --------- 0 
  20.11.2007 19:15     C:\WINDOWS\SkyTel.exe --------- 1826816 
  14.11.2007 01:18     C:\WINDOWS\USetup.iss --------- 553 
  20.07.2007 12:33     C:\WINDOWS\snpstd3.ini --------- 15478 
  20.07.2007 12:18     C:\WINDOWS\snpstd3.src --------- 13003 
  28.06.2007 17:44     C:\WINDOWS\MicCal.exe --------- 2165760 
  29.12.2006 00:31     C:\WINDOWS\002671_.tmp --------- 19569 
  01.08.2006 13:31     C:\WINDOWS\ffmpeg.exe --------- 3600384 
  31.07.2006 12:27     C:\WINDOWS\alcrmv.exe --------- 217088 
  31.07.2006 12:19     C:\WINDOWS\alcupd.exe --------- 315392 
  11.11.2004 14:00     C:\WINDOWS\Zapotek.bmp --------- 9522 
  11.11.2004 14:00     C:\WINDOWS\SET8.tmp --------- 14043 
  11.11.2004 14:00     C:\WINDOWS\SET4.tmp --------- 1086058 
  11.11.2004 14:00     C:\WINDOWS\SET3.tmp --------- 106147 
  11.11.2004 14:00     C:\WINDOWS\Seifenblase.bmp --------- 65978 
  11.11.2004 14:00     C:\WINDOWS\Santa Fe-Stuck.bmp --------- 65832 
  11.11.2004 14:00     C:\WINDOWS\TASKMAN.EXE --------- 15872 
  11.11.2004 14:00     C:\WINDOWS\twain.dll --------- 94800 
  11.11.2004 14:00     C:\WINDOWS\msdfmap.ini --------- 1405 
  11.11.2004 14:00     C:\WINDOWS\twunk_16.exe --------- 49680 
  11.11.2004 14:00     C:\WINDOWS\Granit.bmp --------- 26582 
  11.11.2004 14:00     C:\WINDOWS\Feder.bmp --------- 16730 
  11.11.2004 14:00     C:\WINDOWS\explorer.scf --------- 80 
  11.11.2004 14:00     C:\WINDOWS\wmprfDEU.prx --------- 34818 
  11.11.2004 14:00     C:\WINDOWS\winnt256.bmp --------- 48680 
  11.11.2004 14:00     C:\WINDOWS\desktop.ini --------- 2 
  11.11.2004 14:00     C:\WINDOWS\vmmreg32.dll --------- 18944 
  11.11.2004 14:00     C:\WINDOWS\clock.avi --------- 82944 
  11.11.2004 14:00     C:\WINDOWS\Blaue Spitzen 16.bmp --------- 1272 
  11.11.2004 14:00     C:\WINDOWS\Angler.bmp --------- 17336 
  11.11.2004 14:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 
  11.11.2004 14:00     C:\WINDOWS\twunk_32.exe --------- 25600 
  11.11.2004 14:00     C:\WINDOWS\Fächer.bmp --------- 26680 
  11.11.2004 14:00     C:\WINDOWS\winhelp.exe --------- 257568 
  11.11.2004 14:00     C:\WINDOWS\Kaffeetasse.bmp --------- 17062 
  11.11.2004 14:00     C:\WINDOWS\Präriewind.bmp --------- 65954 
  11.11.2004 14:00     C:\WINDOWS\winnt.bmp --------- 48680 
  11.11.2004 14:00     C:\WINDOWS\_default.pif --------- 707 
  12.01.2001 18:04     C:\WINDOWS\setdebug.exe --------- 46352 
  12.01.2001 16:10     C:\WINDOWS\jautoexp.dat --------- 6550 
  17.11.1998 12:44     C:\WINDOWS\IsUn0407.exe --------- 328704 
  29.10.1998 16:45     C:\WINDOWS\IsUninst.exe --------- 306688 
----------------------------------------

 
C:\WINDOWS\System

 14.04.2008 07:53    C:\WINDOWS\System\winspool.drv --------- 146944 
 11.11.2004 14:00    C:\WINDOWS\System\AVIFILE.DLL --------- 109504 
 11.11.2004 14:00    C:\WINDOWS\System\COMMDLG.DLL --------- 33744 
 11.11.2004 14:00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
 11.11.2004 14:00    C:\WINDOWS\System\VGA.DRV --------- 2176 
 11.11.2004 14:00    C:\WINDOWS\System\VER.DLL --------- 9200 
 11.11.2004 14:00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
 11.11.2004 14:00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
 11.11.2004 14:00    C:\WINDOWS\System\MCIAVI.DRV --------- 73760 
 11.11.2004 14:00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 
 11.11.2004 14:00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
 11.11.2004 14:00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69632 
 11.11.2004 14:00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
 11.11.2004 14:00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
 11.11.2004 14:00    C:\WINDOWS\System\TIMER.DRV --------- 4048 
 11.11.2004 14:00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
 11.11.2004 14:00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
 11.11.2004 14:00    C:\WINDOWS\System\stdole.tlb --------- 5532 
 11.11.2004 14:00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127104 
 11.11.2004 14:00    C:\WINDOWS\System\AVICAP.DLL --------- 70368 
 11.11.2004 14:00    C:\WINDOWS\System\OLECLI.DLL --------- 82944 
 11.11.2004 14:00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
 11.11.2004 14:00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
 11.11.2004 14:00    C:\WINDOWS\System\setup.inf --------- 59167 
 11.11.2004 14:00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
 13.08.2002 10:57    C:\WINDOWS\System\tabctl16.ocx --------- 113056 
 13.08.2002 10:57    C:\WINDOWS\System\threed16.ocx --------- 177824 
 13.08.2002 10:57    C:\WINDOWS\System\oc25.dll --------- 536048 
 13.08.2002 10:57    C:\WINDOWS\System\mscomm16.ocx --------- 71104 
 13.08.2002 10:57    C:\WINDOWS\System\grid16.ocx --------- 85552 
 13.08.2002 10:56    C:\WINDOWS\System\dao2516.dll --------- 543584 
 13.08.2002 10:56    C:\WINDOWS\System\vbajet.dll --------- 2920 
 13.08.2002 10:56    C:\WINDOWS\System\vbdb16.dll --------- 86848 
 13.08.2002 10:56    C:\WINDOWS\System\vb40016.dll --------- 935632 
 13.08.2002 10:56    C:\WINDOWS\System\vaen21.olb --------- 35200 
 13.08.2002 10:56    C:\WINDOWS\System\msjetint.dll --------- 15936 
 13.08.2002 10:56    C:\WINDOWS\System\regsvr.exe --------- 7216 
 13.08.2002 10:56    C:\WINDOWS\System\msjeterr.dll --------- 11232 
 13.08.2002 10:56    C:\WINDOWS\System\msajt200.dll --------- 995136 
 13.08.2002 10:56    C:\WINDOWS\System\compobj.dll --------- 108544 
----------------------------------------

 
C:\WINDOWS\System32

 20.10.2010 15:01     C:\WINDOWS\system32\CatRoot2 --------- 0 
 19.10.2010 11:50     C:\WINDOWS\system32\drivers --------- 0 
 16.10.2010 21:17     C:\WINDOWS\system32\dllcache --------- 0 
 09.10.2010 10:33     C:\WINDOWS\system32\wpa.dbl --------- 2206 
 17.09.2010 12:12     C:\WINDOWS\system32\CatRoot --------- 0 
 17.09.2010 12:12     C:\WINDOWS\system32\de-DE --------- 0 
 29.07.2010 18:39     C:\WINDOWS\system32\FNTCACHE.DAT --------- 232776 
 15.07.2010 22:40     C:\WINDOWS\system32\Restore --------- 0 
 15.06.2010 17:44     C:\WINDOWS\system32\lsdelete.exe --------- 15880 
 11.06.2010 17:46     C:\WINDOWS\system32\DRVSTORE --------- 0 
 25.05.2010 22:59     C:\WINDOWS\system32\config --------- 0 
 20.05.2010 11:13     C:\WINDOWS\system32\spupdwxp.log --------- 247 
 20.05.2010 11:13     C:\WINDOWS\system32\Setup --------- 0 
 20.05.2010 11:13     C:\WINDOWS\system32\wbem --------- 0 
 20.05.2010 11:00     C:\WINDOWS\system32\inetsrv --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\usmt --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\de --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\bits --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\npp --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\Com --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\oobe --------- 0 
 20.05.2010 10:55     C:\WINDOWS\system32\ReinstallBackups --------- 0 
 03.05.2010 15:34     C:\WINDOWS\system32\lowsec --------- 0 
 20.03.2010 20:11     C:\WINDOWS\system32\FM20DEU.DLL --------- 36736 
 07.03.2010 17:31     C:\WINDOWS\system32\d3d9caps.dat --------- 664 
 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.exe --------- 189488 
 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.xtr --------- 189488 
 04.03.2010 20:59     C:\WINDOWS\system32\PnkBstrA.exe --------- 75064 
 04.03.2010 20:59     C:\WINDOWS\system32\pbsvc_heroes.exe --------- 2407792 
 20.02.2010 17:20     C:\WINDOWS\system32\FM20ENU.DLL --------- 31616 
 31.01.2010 17:29     C:\WINDOWS\system32\HWC HD --------- 0 
 25.12.2009 02:28     C:\WINDOWS\system32\quicktime --------- 0 
 27.08.2009 14:19     C:\WINDOWS\system32\DKRNL.JAX --------- 24 
 30.06.2009 22:08     C:\WINDOWS\system32\pbsvc.exe --------- 794408 
 30.06.2009 22:08     C:\WINDOWS\system32\LogFiles --------- 0 
 26.05.2009 21:10     C:\WINDOWS\system32\javacpl.cpl --------- 73728 
 26.05.2009 21:10     C:\WINDOWS\system32\javaw.exe --------- 144792 
 26.05.2009 21:10     C:\WINDOWS\system32\javaws.exe --------- 148888 
 26.05.2009 21:10     C:\WINDOWS\system32\java.exe --------- 144792 
 26.05.2009 21:10     C:\WINDOWS\system32\deploytk.dll --------- 410984 
 30.03.2009 14:29     C:\WINDOWS\system32\appmgmt --------- 0 
 29.03.2009 14:09     C:\WINDOWS\system32\perfh007.dat --------- 405448 
 29.03.2009 14:09     C:\WINDOWS\system32\perfh009.dat --------- 392432 
 29.03.2009 14:09     C:\WINDOWS\system32\perfc007.dat --------- 70778 
 29.03.2009 14:09     C:\WINDOWS\system32\perfc009.dat --------- 58732 
 29.03.2009 14:09     C:\WINDOWS\system32\PerfStringBackup.INI --------- 938224 
 17.03.2009 20:16     C:\WINDOWS\system32\mui --------- 0 
 08.03.2009 15:29     C:\WINDOWS\system32\ieframe.dll.mui --------- 1302528 
 08.03.2009 15:29     C:\WINDOWS\system32\msrating.dll.mui --------- 57344 
 08.03.2009 15:28     C:\WINDOWS\system32\mshta.exe.mui --------- 2560 
 08.03.2009 15:27     C:\WINDOWS\system32\ie4uinit.exe.mui --------- 4096 
 08.03.2009 15:27     C:\WINDOWS\system32\advpack.dll.mui --------- 12288 
 08.03.2009 15:27     C:\WINDOWS\system32\iedkcs32.dll.mui --------- 81920 
 08.03.2009 15:09     C:\WINDOWS\system32\iedkcs32.dll --------- 391536 
 08.03.2009 05:41     C:\WINDOWS\system32\mshtml.dll --------- 5937152 
 08.03.2009 05:39     C:\WINDOWS\system32\ieframe.dll --------- 11063808 
 08.03.2009 05:35     C:\WINDOWS\system32\html.iec --------- 385024 
 08.03.2009 05:34     C:\WINDOWS\system32\wininet.dll --------- 914944 
 08.03.2009 05:34     C:\WINDOWS\system32\urlmon.dll --------- 1206784 
 08.03.2009 05:34     C:\WINDOWS\system32\inetcpl.cpl --------- 1469440 
 08.03.2009 05:34     C:\WINDOWS\system32\WinFXDocObj.exe --------- 208384 
 08.03.2009 05:34     C:\WINDOWS\system32\webcheck.dll --------- 236544 
 08.03.2009 05:34     C:\WINDOWS\system32\licmgr10.dll --------- 43008 
 08.03.2009 05:34     C:\WINDOWS\system32\url.dll --------- 105984 
 08.03.2009 05:34     C:\WINDOWS\system32\msrating.dll --------- 193536 
 08.03.2009 05:34     C:\WINDOWS\system32\occache.dll --------- 109568 
 08.03.2009 05:33     C:\WINDOWS\system32\corpol.dll --------- 18944 
 08.03.2009 05:33     C:\WINDOWS\system32\jsproxy.dll --------- 25600 
 08.03.2009 05:33     C:\WINDOWS\system32\jscript.dll --------- 726528 
 08.03.2009 05:33     C:\WINDOWS\system32\ieaksie.dll --------- 229376 
 08.03.2009 05:33     C:\WINDOWS\system32\vbscript.dll --------- 420352 
 08.03.2009 05:33     C:\WINDOWS\system32\ieakeng.dll --------- 125952 
 08.03.2009 05:32     C:\WINDOWS\system32\admparse.dll --------- 72704 
 08.03.2009 05:32     C:\WINDOWS\system32\ie4uinit.exe --------- 173056 
 08.03.2009 05:32     C:\WINDOWS\system32\ieakui.dll --------- 163840 
 08.03.2009 05:32     C:\WINDOWS\system32\iesetup.dll --------- 71680 
 08.03.2009 05:32     C:\WINDOWS\system32\iernonce.dll --------- 55808 
 08.03.2009 05:32     C:\WINDOWS\system32\advpack.dll --------- 128512 
 08.03.2009 05:32     C:\WINDOWS\system32\inseng.dll --------- 94720 
 08.03.2009 05:32     C:\WINDOWS\system32\msfeeds.dll --------- 594432 
 08.03.2009 05:32     C:\WINDOWS\system32\iertutil.dll --------- 1985024 
 08.03.2009 05:32     C:\WINDOWS\system32\mstime.dll --------- 611840 
 08.03.2009 05:31     C:\WINDOWS\system32\iepeers.dll --------- 183808 
 08.03.2009 05:31     C:\WINDOWS\system32\msfeedssync.exe --------- 13312 
 08.03.2009 05:31     C:\WINDOWS\system32\icardie.dll --------- 59904 
 08.03.2009 05:31     C:\WINDOWS\system32\msfeedsbs.dll --------- 55296 
 08.03.2009 05:31     C:\WINDOWS\system32\dxtmsft.dll --------- 348160 
 08.03.2009 05:31     C:\WINDOWS\system32\dxtrans.dll --------- 216064 
 08.03.2009 05:31     C:\WINDOWS\system32\imgutil.dll --------- 34816 
 08.03.2009 05:31     C:\WINDOWS\system32\pngfilt.dll --------- 46592 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtmled.dll --------- 66560 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtmler.dll --------- 48128 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtml.tlb --------- 1638912 
 08.03.2009 05:31     C:\WINDOWS\system32\mshta.exe --------- 45568 
 08.03.2009 05:30     C:\WINDOWS\system32\tdc.ocx --------- 66560 
 08.03.2009 05:22     C:\WINDOWS\system32\ieui.dll --------- 164352 
 08.03.2009 05:22     C:\WINDOWS\system32\msls31.dll --------- 156160 
 08.03.2009 05:15     C:\WINDOWS\system32\ieuinit.inf --------- 57667 
 08.03.2009 05:11     C:\WINDOWS\system32\ieapfltr.dll --------- 445952 
 08.03.2009 04:32     C:\WINDOWS\system32\ieudinit.exe --------- 36864 
----------------------------------------

 
C:\WINDOWS\Prefetch

 20.10.2010 15:38     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 11724 
 20.10.2010 15:31     C:\WINDOWS\Prefetch\AVWSC.EXE-1742FD55.pf --------- 37996 
 20.10.2010 15:30     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16000 
 20.10.2010 15:29     C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-3643707F.pf --------- 25714 
 20.10.2010 15:20     C:\WINDOWS\Prefetch\ADMINISTRATOR.EXE-2711813F.pf --------- 28090 
 20.10.2010 15:20     C:\WINDOWS\Prefetch\RSIT.EXE-3AC3D3D1.pf --------- 18966 
 20.10.2010 15:17     C:\WINDOWS\Prefetch\ICQ.EXE-1AD5010D.pf --------- 75120 
 20.10.2010 15:05     C:\WINDOWS\Prefetch\SKYPE.EXE-0D322358.pf --------- 56458 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 15704 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-022F6795.pf --------- 94680 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf --------- 7768 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\FIREFOX.EXE-28BE8AE1.pf --------- 114524 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf --------- 48562 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AUTOLAUNCH.EXE-343E795D.pf --------- 51288 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AD-AWARE.EXE-2B8B58D1.pf --------- 60898 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AAWTRAY.EXE-31E33C30.pf --------- 62728 
 20.10.2010 15:02     C:\WINDOWS\Prefetch\AAWWSC.EXE-3513A2B5.pf --------- 23786 
 20.10.2010 15:02     C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 17814 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 45698 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15274 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf --------- 30444 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 16738 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1209232 
 20.10.2010 13:30     C:\WINDOWS\Prefetch\OSE.EXE-313A091F.pf --------- 9116 
 20.10.2010 13:27     C:\WINDOWS\Prefetch\IMAGECONVERTER.EXE-2FB34E09.pf --------- 14808 
 20.10.2010 13:26     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 20032 
 20.10.2010 13:25     C:\WINDOWS\Prefetch\EXCEL.EXE-09824C88.pf --------- 88220 
 20.10.2010 13:24     C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19B1D743.pf --------- 58140 
 20.10.2010 13:24     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 27152 
 20.10.2010 12:44     C:\WINDOWS\Prefetch\WINAMP.EXE-065B55C4.pf --------- 85116 
 20.10.2010 02:11     C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 25124 
 20.10.2010 01:38     C:\WINDOWS\Prefetch\VLC.EXE-2584CE07.pf --------- 97026 
 20.10.2010 01:38     C:\WINDOWS\Prefetch\ADOBEARM.EXE-237273D1.pf --------- 23250 
 20.10.2010 01:37     C:\WINDOWS\Prefetch\ACRORD32.EXE-2E761392.pf --------- 58328 
 20.10.2010 01:22     C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf --------- 36308 
 19.10.2010 21:55     C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22D2A6A0.pf --------- 41626 
 19.10.2010 21:55     C:\WINDOWS\Prefetch\UPDATE.EXE-33FE454B.pf --------- 50738 
 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C51EBAA.pf --------- 17256 
 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf --------- 16154 
 19.10.2010 19:56     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 100946 
 19.10.2010 17:50     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 19538 
 19.10.2010 17:49     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 88286 
 19.10.2010 17:49     C:\WINDOWS\Prefetch\Layout.ini --------- 499202 
 19.10.2010 17:45     C:\WINDOWS\Prefetch\AAWSERVICE.EXE-1E1DE6D1.pf --------- 81572 
 19.10.2010 17:44     C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-1618EEEB.pf --------- 37580 
 19.10.2010 16:50     C:\WINDOWS\Prefetch\AVSCAN.EXE-068A2CAC.pf --------- 86356 
 19.10.2010 13:03     C:\WINDOWS\Prefetch\AVCENTER.EXE-377C5668.pf --------- 62604 
 19.10.2010 13:01     C:\WINDOWS\Prefetch\THREATWORK.EXE-2CC668FF.pf --------- 31900 
 19.10.2010 12:59     C:\WINDOWS\Prefetch\GUARDGUI.EXE-1FA25B88.pf --------- 15708 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 53742 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\_IU14D2N.TMP-38A1306E.pf --------- 26292 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS001.EXE-1EB18737.pf --------- 19506 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS000.EXE-02BCB9C7.pf --------- 18766 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\FOTOFUSIONV4 UNINSTALLER.EXE-1AB6D74C.pf --------- 19102 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 128060 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf --------- 23888 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\COLLAGE.EXE-34742083.pf --------- 56016 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1E1D427F.pf --------- 16754 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1910BCF3.pf --------- 28430 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINS000.EXE-0B5F6769.pf --------- 16692 
 19.10.2010 12:07     C:\WINDOWS\Prefetch\UNINS000.EXE-2C46BE05.pf --------- 18628 
 19.10.2010 12:07     C:\WINDOWS\Prefetch\CCLEANER.EXE-17ADB38C.pf --------- 113546 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\AU_.EXE-1563F1CE.pf --------- 24870 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINSTALL.EXE-2B525910.pf --------- 13676 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINS000.EXE-2AE40FD4.pf --------- 24612 
 19.10.2010 11:49     C:\WINDOWS\Prefetch\NMSACCESSU.EXE-0836AD64.pf --------- 8794 
 19.10.2010 11:34     C:\WINDOWS\Prefetch\RUNDLL32.EXE-481F709A.pf --------- 48596 
 19.10.2010 11:34     C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf --------- 72862 
 18.10.2010 22:48     C:\WINDOWS\Prefetch\WINRAR.EXE-1A0EFB18.pf --------- 52964 
 18.10.2010 20:06     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 26442 
 18.10.2010 20:06     C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf --------- 63118 
 18.10.2010 14:03     C:\WINDOWS\Prefetch\SYSTEMLOOK.EXE-047336E8.pf --------- 18400 
 18.10.2010 13:07     C:\WINDOWS\Prefetch\HJTINSTALL.EXE-120AE2D7.pf --------- 20036 
 18.10.2010 12:44     C:\WINDOWS\Prefetch\POWERPNT.EXE-2A26805E.pf --------- 69842 
 18.10.2010 11:39     C:\WINDOWS\Prefetch\CLEANSWEEPUPD.EXE-1F1C0D67.pf --------- 22106 
 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-207E54C3.pf --------- 14962 
 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BA7A70C.pf --------- 15130 
 17.10.2010 19:37     C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf --------- 21290 
 17.10.2010 19:16     C:\WINDOWS\Prefetch\AGENT.EXE-241FAAD9.pf --------- 60418 
 17.10.2010 19:16     C:\WINDOWS\Prefetch\ISUSPM.EXE-1D77C392.pf --------- 153370 
 16.10.2010 22:41     C:\WINDOWS\Prefetch\LEECHER.EXE-2319A22A.pf --------- 29676 
 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C40A48F.pf --------- 15630 
 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf --------- 23664 
 16.10.2010 22:36     C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 16732 
 16.10.2010 22:19     C:\WINDOWS\Prefetch\CLVIEW.EXE-23D169C2.pf --------- 65234 
 16.10.2010 22:01     C:\WINDOWS\Prefetch\WINWORD.EXE-2811918F.pf --------- 98858 
 16.10.2010 21:23     C:\WINDOWS\Prefetch\STATION2.EXE-038805B3.pf --------- 53856 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 22744 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-49A1D709.pf --------- 19928 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-15206D5C.pf --------- 19980 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188D9E9C.pf --------- 19996 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D3D8701.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3085D5CC.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-43854211.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C703AED.pf --------- 17738 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14EC1EE8.pf --------- 17738 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4ABAF25B.pf --------- 17738 
 16.10.2010 21:14     C:\WINDOWS\Prefetch\MMC.EXE-39071BCC.pf --------- 36142 
 16.10.2010 21:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf --------- 32444 
 16.10.2010 21:08     C:\WINDOWS\Prefetch\RUNDLL32.EXE-23061B8F.pf --------- 16074 
 16.10.2010 19:17     C:\WINDOWS\Prefetch\PLAYER.EXE-3A1D4B43.pf --------- 47752 
 16.10.2010 19:12     C:\WINDOWS\Prefetch\VEETLE-0.9.18.EXE-1F1D1ED4.pf --------- 31336 
 16.10.2010 16:19     C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf --------- 17398 
 15.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B08ECFB.pf --------- 23268 
 15.10.2010 22:44     C:\WINDOWS\Prefetch\RUNDLL32.EXE-47DAD21C.pf --------- 43988 
 15.10.2010 22:33     C:\WINDOWS\Prefetch\SETUP.EXE-002F50CE.pf --------- 35118 
 15.10.2010 22:33     C:\WINDOWS\Prefetch\SEAGATE-RELEASE.EXE-1589B8C9.pf --------- 49106 
 15.10.2010 22:32     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4207E90B.pf --------- 15260 
 14.10.2010 22:25     C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf --------- 19036 
 14.10.2010 21:22     C:\WINDOWS\Prefetch\RUNDLL32.EXE-28DAF2FD.pf --------- 17296 
 14.10.2010 21:06     C:\WINDOWS\Prefetch\FHEYDBUEYJ.EXE-2CFB0202.pf --------- 15354 
 13.10.2010 23:43     C:\WINDOWS\Prefetch\RUNDLL32.EXE-19411A95.pf --------- 16748 
 13.10.2010 23:02     C:\WINDOWS\Prefetch\FIREWORKS 4.EXE-28616533.pf --------- 56422 
 12.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-418EC388.pf --------- 35126 
 12.10.2010 23:02     C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-05610F59.pf --------- 20764 
 12.10.2010 18:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B495574.pf --------- 15772 
 12.10.2010 16:38     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3E116FC1.pf --------- 15686 
 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA10EF7.pf --------- 44256 
 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-27CA4AF1.pf --------- 38154 
 12.10.2010 15:49     C:\WINDOWS\Prefetch\RUNDLL32.EXE-29192C59.pf --------- 46622 
 12.10.2010 14:10     C:\WINDOWS\Prefetch\DW20.EXE-005BA42F.pf --------- 10146 
 12.10.2010 14:09     C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 62202 
 11.10.2010 22:35     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf --------- 35656 
 11.10.2010 22:35     C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf --------- 32918 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\0.40520102324780105.EXE-38E656CB.pf --------- 7862 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAW.EXE-0159D575.pf --------- 5432 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAWS.EXE-1714DD62.pf --------- 15864 
 11.10.2010 22:13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14F71516.pf --------- 47326 
----------------------------------------

 
C:\WINDOWS\Tasks

 20.10.2010 15:23     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job --------- 892 
 20.10.2010 15:03     C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job --------- 470 
 20.10.2010 15:00     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --------- 888 
 20.10.2010 15:00     C:\WINDOWS\Tasks\SA.DAT --------- 6 
 11.11.2004 14:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
----------------------------------------

 
C:\WINDOWS\Temp

 20.10.2010 15:00     C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat --------- 16384 
 19.10.2010 16:50     C:\WINDOWS\Temp\History --------- 0 
 19.10.2010 16:50     C:\WINDOWS\Temp\Cookies --------- 0 
 19.10.2010 16:50     C:\WINDOWS\Temp\Temporary Internet Files --------- 0 
 16.10.2010 14:54     C:\WINDOWS\Temp\Perflib_Perfdata_9dc.dat --------- 16384 
----------------------------------------

 
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

 20.10.2010 15:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\JETB906.tmp --------- 0 
 20.10.2010 15:16      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp --------- 0 
 20.10.2010 15:04      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\foxtab --------- 0 
 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM_NotLocked.log --------- 735 
 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ArmUI.ini --------- 148526 
 19.10.2010 12:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\hsperfdata_Administrator --------- 0 
 19.10.2010 11:37      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM.log --------- 245330 
 19.10.2010 11:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\java_install_reg.log --------- 1580 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34661.dmp --------- 45671 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34576.dmp --------- 26234 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\45b3_appcompat.txt --------- 16174 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\437f_appcompat.txt --------- 16174 
 16.10.2010 19:12      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\veetleb --------- 0 
 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AD85.dmp --------- 27778 
 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\95a0_appcompat.txt --------- 11664 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2316889501280927226.tmp --------- 37809 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache3801248208306411390.tmp --------- 43975 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache1710087421479198575.tmp --------- 84096 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache6640324910098707211.tmp --------- 59439 
 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2351662818532060136.tmp --------- 9457 
 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2700756697933379298.tmp --------- 14802 
 12.10.2010 22:55      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp-2 --------- 0 
 11.10.2010 22:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\0.40163477446917484.exe --------- 101071 
 21.09.2010 13:22      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SkypeSetup.exe --------- 19075976 
 30.08.2010 23:25      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\tmp10.tmp --------- 349517 
 13.06.2010 11:06      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\German.bin --------- 25764 
 30.04.2010 23:13      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uninst.exe --------- 991236 
----------------------------------------

 
C:\Programme

 20.10.2010 15:20     C:\Programme\trend micro --------- 0 
 19.10.2010 12:08     C:\Programme\NCH Software --------- 0 
 18.10.2010 20:06     C:\Programme\Lavasoft --------- 0 
 17.09.2010 12:19     C:\Programme\Internet Explorer --------- 0 
 25.08.2010 16:02     C:\Programme\Windows Media Player --------- 0 
 25.08.2010 16:02     C:\Programme\Movie Maker --------- 0 
 25.08.2010 16:02     C:\Programme\NetMeeting --------- 0 
 25.08.2010 16:02     C:\Programme\Outlook Express --------- 0 
 25.08.2010 16:01     C:\Programme\ComPlus Applications --------- 0 
 25.08.2010 16:01     C:\Programme\Messenger --------- 0 
 25.08.2010 16:00     C:\Programme\Windows NT --------- 0 
 12.06.2010 13:48     C:\Programme\MSECache --------- 0 
 11.06.2010 22:40     C:\Programme\Microsoft Office --------- 0 
 31.05.2010 13:24     C:\Programme\Gemeinsame Dateien --------- 0 
 02.02.2010 20:22     C:\Programme\LG Soft India --------- 0 
 02.02.2010 20:21     C:\Programme\InstallShield Installation Information --------- 0 
 14.01.2010 17:31     C:\Programme\Microsoft.NET --------- 0 
 25.12.2009 02:28     C:\Programme\NimoCodec Pack --------- 0 
 25.12.2009 02:28     C:\Programme\XviD --------- 0 
 25.12.2009 02:28     C:\Programme\DivX --------- 0 
 25.12.2009 02:28     C:\Programme\DivXCodec --------- 0 
 23.12.2009 20:12     C:\Programme\UnderCoverXP --------- 0 
 17.06.2009 11:08     C:\Programme\Kyocera --------- 0 
 26.05.2009 21:10     C:\Programme\Java --------- 0 
 29.04.2009 10:39     C:\Programme\DAEMON Tools Lite --------- 0 
 11.04.2009 18:01     C:\Programme\Adobe --------- 0 
 19.03.2009 17:20     C:\Programme\Graphviz2.22 --------- 0 
 17.03.2009 20:17     C:\Programme\Mindjet --------- 0 
 17.03.2009 20:16     C:\Programme\MSXML 6.0 --------- 0 
 21.01.2009 16:31     C:\Programme\Realtek --------- 0 
 21.01.2009 16:04     C:\Programme\Realtek AC97 --------- 0 
 21.01.2009 14:36     C:\Programme\xp-AntiSpy --------- 0 
 21.01.2009 14:27     C:\Programme\Intel --------- 0 
 21.01.2009 00:58     C:\Programme\ATI Technologies --------- 0 
 21.01.2009 00:51     C:\Programme\Uninstall Information --------- 0 
 21.01.2009 00:48     C:\Programme\xerox --------- 0 
 21.01.2009 00:48     C:\Programme\microsoft frontpage --------- 0 
 21.01.2009 00:47     C:\Programme\WindowsUpdate --------- 0 
 21.01.2009 00:47     C:\Programme\Online-Dienste --------- 0 
 21.01.2009 00:45     C:\Programme\Online Services --------- 0 
 21.01.2009 00:44     C:\Programme\MSN Gaming Zone --------- 0 
 21.01.2009 00:44     C:\Programme\MSN --------- 0 
----------------------------------------

 
C:\Dokumente und Einstellungen\All Users\.. 

Administrator    
LocalService.NT-AUTORITÄT    
NetworkService.NT-AUTORITÄT    
All Users    
LocalService    
NetworkService    
Default User    
----------------------------------------

 
C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
***************************************
----------------------------------------

 

 
***** Ende des Scans 20.10.2010 um 15:38:34,31 ***

Ccleaner:
Install:

Code:
3GP Media Player 1.0    vsevensoft.com    
ACDSee Pro 2.5    ACD Systems International    2.5.333
Ad-Aware    Lavasoft    
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    10.0.42.34
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    10.1.53.64
Adobe Reader 9.3.4 - Deutsch    Adobe Systems Incorporated    9.3.4
ATI - Software Uninstall Utility        6.14.10.1022
ATI Catalyst Control Center        2.008.1201.1503
ATI Display Driver        8.561-081201a1-072271C-ATI
Avira AntiVir Personal - Free Antivirus    Avira GmbH    10.0.0.565
Battlefield Heroes (Administrator)    EA Digital illusions    
CCleaner    Piriform    2.31
DivX Plus Web Player    DivX,Inc.    2.0.0
Easy Graphic Converter 1.2    Etru Software Development    1.1
Enterprise Dynamics Developer 8.0.0 1617        
forteManager    LG Soft India    3.15
Gigabyte Raid Configurer    Gigabyte Technology Corp.    1.00.0000
Graphviz    AT&T Research Labs    2.22
Hercules Deluxe Optical Glass    Hercules    2.8.0.0
High Definition Audio Driver Package - KB888111    Microsoft Corporation    20040219.000000
HijackThis 2.0.2    TrendMicro    2.0.2
ICQ6.5    ICQ    6.5
Java(TM) 6 Update 13    Sun Microsystems, Inc.    6.0.130
JDownloader    AppWork UG (haftungsbeschränkt)    0.89
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
mIRC        
Mozilla Firefox (3.6.10)    Mozilla    3.6.10 (de)
MSXML 6.0 Parser    Microsoft Corporation    6.10.1129.0
Mumble and Murmur    Mumble    1.1.8
Nimo Codecs Pack v5.0 (Remove Only)        
PDF-XChange 3    Tracker Software    
PDF24 Creator    PDF24.org    
Prism Video Converter    NCH Software    
xxxxxxxxxxxxxxx
PunkBuster Services    Even Balance, Inc.    0.988
Realtek AC'97 Audio    Realtek Semiconductor Corp.    5.36
REALTEK GbE & FE Ethernet PCI-E NIC Driver    Realtek    1.08.0000
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    5.10.0.5672
Skype™ 4.2    Skype Technologies S.A.    4.2.187
Spybot - Search & Destroy    Safer Networking Limited    1.6.2
taraVRbuilder 8.0 Demo    tarakos GmbH    8.0.14
TeamSpeak 2 RC2    Dominating Bytes Design    2.0.32.60
UnderCoverXP 1.22    Wicked & Wild Inc.    
Uninstall 1.0.0.1        
Veetle TV 0.9.18    Veetle, Inc    0.9.18
VLC media player 1.0.3    VideoLAN Team    1.0.3
Winamp    Nullsoft, Inc    5.56 
Windows Internet Explorer 8    Microsoft Corporation    20090308.140743
Windows Media Player Firefox Plugin    Microsoft Corp    1.0.0.8
Windows XP Service Pack 3    Microsoft Corporation    20080414.031514
WinRAR        
xp-AntiSpy 3.97    Christian Taubenheim
Startup

Code:
Ja    HKCU:Run    CTFMON.EXE    C:\WINDOWS\system32\ctfmon.exe
Ja    HKCU:Run    SpybotSD TeaTimer    D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
Nein    HKCU:Run    DAEMON Tools Lite    "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
Nein    HKCU:Run    fheydbueyj.exe    C:\fheydbueyj.exe\fheydbueyj.exe
Nein    HKCU:Run    Hvh    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
Ja    HKLM:Run    StartCCC    "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja    HKLM:Run    JMB36X IDE Setup    C:\WINDOWS\JM\JMInsIDE.exe
Ja    HKLM:Run    avgnt    "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
Nein    HKLM:Run    36X Raid Configurer    C:\WINDOWS\system32\JMRaidSetup.exe boot
Nein    HKLM:Run    Alcmtr    ALCMTR.EXE
Nein    HKLM:Run    AlcWzrd    ALCWZRD.EXE
Nein    HKLM:Run    Camservice    D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe /startup
Nein    HKLM:Run    ISUSPM Startup    C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Nein    HKLM:Run    ISUSScheduler    "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
Nein    HKLM:Run    RTHDCPL    RTHDCPL.EXE
Nein    HKLM:Run    SoundMan    SOUNDMAN.EXE
Nein    HKLM:Run    SunJavaUpdateSched    "C:\Programme\Java\jre6\bin\jusched.exe"
Nein    Startup Common    forteManager.lnk    C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe -startup
Nein    Startup Common    Microsoft Office.lnk    D:\PROGRA~1\MICROS~1\Office10\OSA.EXE
Gmer log:

Code:
GMER 1.0.15.15319 - hxxp://www.gmer.net
Rootkit scan 2010-10-20 16:17:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            A075E656                                                                                                            ZwCreateKey
SSDT            A075E64C                                                                                                            ZwCreateThread
SSDT            A075E65B                                                                                                            ZwDeleteKey
SSDT            A075E665                                                                                                            ZwDeleteValueKey
SSDT            spea.sys                                                                                                            ZwEnumerateKey [0xB9EC5CA4]
SSDT            spea.sys                                                                                                            ZwEnumerateValueKey [0xB9EC6032]
SSDT            A075E66A                                                                                                            ZwLoadKey
SSDT            spea.sys                                                                                                            ZwOpenKey [0xB9EA70C0]
SSDT            A075E638                                                                                                            ZwOpenProcess
SSDT            A075E63D                                                                                                            ZwOpenThread
SSDT            spea.sys                                                                                                            ZwQueryKey [0xB9EC610A]
SSDT            spea.sys                                                                                                            ZwQueryValueKey [0xB9EC5F8A]
SSDT            A075E674                                                                                                            ZwReplaceKey
SSDT            A075E66F                                                                                                            ZwRestoreKey
SSDT            A075E660                                                                                                            ZwSetValueKey
SSDT            A075E647                                                                                                            ZwTerminateProcess

INT 0x62        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B119BF8
INT 0x73        ?                                                                                                                   8AEB5BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x82        ?                                                                                                                   8B189BF8
INT 0x84        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xB4        ?                                                                                                                   8AEB5BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spea.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB8502000, 0x1B601E, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               B84B98AC 5 Bytes  JMP 8AEB51D8 
.text           a8p200u1.SYS                                                                                                        B8432386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a8p200u1.SYS                                                                                                        B84323AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a8p200u1.SYS                                                                                                        B84323C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a8p200u1.SYS                                                                                                        B84323C9 1 Byte  [30]
.text           a8p200u1.SYS                                                                                                        B84323C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EA8042] spea.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EA813E] spea.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9EA80C0] spea.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9EA8800] spea.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9EA86D6] spea.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EB7E9C] spea.sys
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C8D9E88
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfRaiseIrql]                                                      00001CA9
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalTranslateBusAddress]                                           8186C636
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8386C6
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C8E86
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CAA
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB19E

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8B1151F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8AEB11F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8B1171F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8B1171F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8B1171F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8B1171F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8AEB11F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    8AEBD500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8AEB11F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8AEB11F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8B18A1F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                    8AEBD500
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8B18A1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8AE641F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8AE641F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\PCI_PNP6778 \Device\0000003d                                                                                spea.sys
Device          \Driver\sptd \Device\3100154278                                                                                     spea.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8A3941F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8A3941F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8AEB11F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   8A3861F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8AEB11F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         8A3861F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    8AEBD500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8AEB11F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8B18A1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{0779FD98-11CB-4589-B42A-3CE9891FBFEC}                                            8A3941F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8AEB11F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    8AEBD500
Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0                                                              8B1161F8
Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11Port5Path0Target0Lun0                                                        8ADC91F8
Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11                                                                             8ADC91F8
Device          \Driver\JRAID \Device\Scsi\JRAID1                                                                                   8B1161F8
Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0                                                              8B1161F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              8ADBE500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD4 0xBF 0x8C 0x1D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0xB7 0xC1 0x4B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD4 0xBF 0x8C 0x1D ...

---- EOF - GMER 1.0.15 ----
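A small triage script for the GMER device table above, added here as an example; it is not part of the thread and not a GMER component. GMER's right-hand column takes one of three shapes: a module name (`spea.sys`, `Lbd.sys (Boot Driver/Lavasoft AB)`), a bare address (`8AEB11F8`) when GMER cannot attribute the dispatch routine to a loaded image, or `[address] module[section] {first instructions}` when the dispatch routine lies inside a module's range but outside any section GMER recognises, which is the shape of the four atapi IdePort entries. The script parses all three, ranks the last shape highest, and maps which drivers share a dispatch address. The sample lines are copied from the log above; the function names, the severity rules and the reading of GMER's output formats are this example's own assumptions.

```python
"""Triage the 'Device' section of a GMER log (added example, not from the post).

Assumed GMER output forms for the right-hand column:
  * a module name, optionally with a note in parentheses,
  * a bare 8-digit address GMER could not attribute to a loaded image,
  * "[ADDR] module[section] {disasm}" for a dispatch pointer inside a
    module but outside any section GMER knows, with the code found there.
The triage rules below are this example's own, not GMER's.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the GMER device table in the thread.
GMER_SAMPLE = r"""
Device          \Driver\usbuhci \Device\USBPDO-0                     8AEB11F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon            8B1171F8
AttachedDevice  \Driver\Tcpip \Device\Tcp                            Lbd.sys (Boot Driver/Lavasoft AB)
Device          \Driver\Ftdisk \Device\HarddiskVolume1               8B18A1F8
Device          \Driver\atapi \Device\Ide\IdePort0                   [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                   [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\PCI_PNP6778 \Device\0000003d                 spea.sys
Device          \Driver\sptd \Device\3100154278                      spea.sys
Device          \FileSystem\Cdfs \Cdfs                               8ADBE500
"""

LINE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
STUB_RE = re.compile(r"^\[([0-9A-Fa-f]{8})\]\s+(\S+?)\[([^\]]*)\]\s*\{(.*)\}$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
MODULE_RE = re.compile(r"^(\S+)(?:\s+\((.*)\))?$")


def classify_target(text):
    """Turn the right-hand column of a GMER device line into a dict."""
    m = STUB_RE.match(text)
    if m:
        return {"type": "stub", "address": m.group(1).upper(), "module": m.group(2),
                "section": m.group(3), "disasm": m.group(4)}
    if ADDR_RE.match(text):
        return {"type": "address", "address": text.upper()}
    m = MODULE_RE.match(text)
    return {"type": "module", "module": m.group(1), "note": m.group(2) or ""}


def parse_gmer_devices(text):
    """Parse Device/AttachedDevice lines; anything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, driver, device, target = m.groups()
        entries.append({"kind": kind, "driver": driver, "device": device,
                        "target": classify_target(target)})
    return entries


def pointer_map(entries):
    """Map each address (raw or stub) to the sorted drivers that use it.
    One driver's many device objects sharing an address is expected (one
    dispatch table); one address shared by unrelated drivers is not."""
    by_addr = defaultdict(set)
    for e in entries:
        t = e["target"]
        if "address" in t:
            by_addr[t["address"]].add(e["driver"])
    return {a: sorted(d) for a, d in by_addr.items()}


def triage(entries):
    """Return (severity, driver, device, reason) tuples, highest first in meaning."""
    findings = []
    for e in entries:
        t = e["target"]
        if t["type"] == "stub" and t["section"].lower() == "unknown section":
            findings.append(("high", e["driver"], e["device"],
                             "dispatch at %s inside %s but outside any known section; "
                             "code there: %s" % (t["address"], t["module"], t["disasm"])))
        elif t["type"] == "address":
            findings.append(("review", e["driver"], e["device"],
                             "dispatch pointer %s not attributable to a loaded module" % t["address"]))
        elif e["kind"] == "AttachedDevice":
            findings.append(("info", e["driver"], e["device"],
                             "filter attached by %s %s" % (t.get("module", "?"), t.get("note", ""))))
    return findings


if __name__ == "__main__":
    ents = parse_gmer_devices(GMER_SAMPLE)
    for sev, drv, dev, why in triage(ents):
        print("%-6s %-22s %-36s %s" % (sev, drv, dev, why))
    for addr, drivers in sorted(pointer_map(ents).items()):
        print("%s <- %s" % (addr, ", ".join(drivers)))
```

Run stand-alone it prints one line per finding and then the address map. On the sample, the two atapi IdePort entries come out as `high` because their dispatch routine resolves to code inside atapi.sys that GMER could not place in any section, while the usbuhci, dmio, Ftdisk and Cdfs entries come out as `review`: each of those drivers has its own unattributed address, which the analyst has to match against what else is loaded (the sptd/DAEMON Tools entries in the same log are the obvious candidate) before calling it anything.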

21.10.2010, 12:01   #4
p3ng

fheydbueyj.exe in Autostart. What is that?



RootRepeal log:
Drivers:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Drivers
-------------------
Name: aaquiu3r.SYS
Image Path: C:\WINDOWS\System32\Drivers\aaquiu3r.SYS
Address: 0xB8432000    Size: 229376    File Visible: -    Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9E5F000    Size: 188800    File Visible: -    Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA5DA8000    Size: 138112    File Visible: -    Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9DF1000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000    Size: 0    File Visible: -    Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF06A000    Size: 577536    File Visible: -    Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF019000    Size: 331776    File Visible: -    Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB8501000    Size: 5455872    File Visible: -    Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1B4000    Size: 4120576    File Visible: -    Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0F7000    Size: 471040    File Visible: -    Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF16A000    Size: 303104    File Visible: -    Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF9C3000    Size: 2498560    File Visible: -    Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000    Size: 286720    File Visible: -    Signed: -
Status: -

Name: avgio.sys
Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xA224B000    Size: 6144    File Visible: -    Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9E1E5000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA0E06000    Size: 114688    File Visible: -    Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5C4000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: camfilt2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\camfilt2.sys
Address: 0xA040A000    Size: 94720    File Visible: -    Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA1536000    Size: 63744    File Visible: -    Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA2F8000    Size: 62976    File Visible: -    Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0F8000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0E8000    Size: 36352    File Visible: -    Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9E09000    Size: 154112    File Visible: -    Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000    Size: 5888    File Visible: -    Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1F8000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xA1AE8000    Size: 16384    File Visible: No    Signed: -
Status: -

Name: dump_JRAID.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_JRAID.sys
Address: 0xA1506000    Size: 45056    File Visible: No    Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA109A000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000    Size: 73728    File Visible: -    Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA10DE000    Size: 4096    File Visible: -    Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA448000    Size: 27392    File Visible: -    Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA86B9000    Size: 44672    File Visible: -    Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xA8C12000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9DD1000    Size: 129792    File Visible: -    Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5C2000    Size: 7936    File Visible: -    Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9E2F000    Size: 126336    File Visible: -    Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000    Size: 134400    File Visible: -    Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB84C5000    Size: 163840    File Visible: -    Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA82D6000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA8BFA000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA8950000    Size: 10368    File Visible: -    Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9D493000    Size: 264832    File Visible: -    Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA168000    Size: 52992    File Visible: -    Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2E8000    Size: 42112    File Visible: -    Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA2D8000    Size: 40448    File Visible: -    Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA5DCA000    Size: 152832    File Visible: -    Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA5EDE000    Size: 75264    File Visible: -    Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000    Size: 37632    File Visible: -    Signed: -
Status: -

Name: JGOGO.sys
Image Path: JGOGO.sys
Address: 0xBA5AE000    Size: 6912    File Visible: -    Signed: -
Status: -

Name: jraid.sys
Image Path: jraid.sys
Address: 0xBA0D8000    Size: 44928    File Visible: -    Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA450000    Size: 25216    File Visible: -    Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB847E000    Size: 143360    File Visible: -    Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DA8000    Size: 92288    File Visible: -    Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA108000    Size: 57600    File Visible: -    Signed: -
Status: -

Name: LGDispDrv.dll
Image Path: C:\WINDOWS\System32\LGDispDrv.dll
Address: 0xBF012000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5C6000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA3A0000    Size: 23552    File Visible: -    Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA898E000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000    Size: 42368    File Visible: -    Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9E0C8000    Size: 180608    File Visible: -    Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA5D0D000    Size: 456576    File Visible: -    Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA9156000    Size: 19072    File Visible: -    Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8AA5000    Size: 35072    File Visible: -    Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA56C000    Size: 15488    File Visible: -    Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9CD4000    Size: 105344    File Visible: -    Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9CEE000    Size: 182656    File Visible: -    Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB963F000    Size: 10112    File Visible: -    Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA22B7000    Size: 14592    File Visible: -    Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB841B000    Size: 91520    File Visible: -    Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA1E8000    Size: 40576    File Visible: -    Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA86C9000    Size: 34688    File Visible: -    Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA5DF0000    Size: 162816    File Visible: -    Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA88F3000    Size: 30848    File Visible: -    Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D1B000    Size: 574976    File Visible: -    Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA8250000    Size: 2944    File Visible: -    Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB846A000    Size: 80384    File Visible: -    Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000    Size: 19712    File Visible: -    Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xA2241000    Size: 7040    File Visible: -    Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9E4E000    Size: 68224    File Visible: -    Signed: -
Status: -

Name: PCI_PNP0042
Image Path: \Driver\PCI_PNP0042
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000    Size: 3328    File Visible: -    Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAF8F000    Size: 147456    File Visible: -    Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB840A000    Size: 69120    File Visible: -    Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3C8000    Size: 17792    File Visible: -    Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA118000    Size: 35712    File Visible: -    Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA898A000    Size: 8832    File Visible: -    Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA178000    Size: 51328    File Visible: -    Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA188000    Size: 41472    File Visible: -    Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8AB5000    Size: 48384    File Visible: -    Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3D8000    Size: 16512    File Visible: -    Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA5D7D000    Size: 175744    File Visible: -    Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5C8000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB82B7000    Size: 196224    File Visible: -    Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA308000    Size: 57728    File Visible: -    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D57F000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAAFB3000    Size: 4919296    File Visible: -    Signed: -
Status: -

Name: RTL8139.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Address: 0xBA440000    Size: 20992    File Visible: -    Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E8E000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA55C000    Size: 15744    File Visible: -    Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA158000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: snpstd3.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Address: 0xA0422000    Size: 10371072    File Visible: -    Signed: -
Status: -

Name: spry.sys
Image Path: spry.sys
Address: 0xB9EA6000    Size: 1052672    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9DBF000    Size: 73472    File Visible: -    Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9DDB9000    Size: 334848    File Visible: -    Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xA88EB000    Size: 23040    File Visible: -    Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xA1526000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5F2000    Size: 4352    File Visible: -    Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA940A000    Size: 60800    File Visible: -    Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA5E18000    Size: 361344    File Visible: -    Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA340000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8A75000    Size: 40704    File Visible: -    Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8259000    Size: 384768    File Visible: -    Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xA1516000    Size: 60032    File Visible: -    Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xA1675000    Size: 32128    File Visible: -    Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5FE000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA438000    Size: 30208    File Visible: -    Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB81D1000    Size: 59520    File Visible: -    Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB84A1000    Size: 147456    File Visible: -    Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA430000    Size: 20608    File Visible: -    Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA915E000    Size: 20992    File Visible: -    Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB84ED000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000    Size: 53760    File Visible: -    Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA86D9000    Size: 34560    File Visible: -    Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA1665000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9E08B000    Size: 83072    File Visible: -    Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Stealth Objects:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_CREATE]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_CLOSE]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_POWER]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3r, IRP_MJ_PNP]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CREATE]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLOSE]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_READ]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLEANUP]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_PNP]
Process: System    Address: 0x8adc8500    Size: 121
         
Hidden Services:

Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:03
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Hidden Services
-------------------
         

21.10.2010, 12:36   #5
kira
/// Helper Team
 
→ Visit the VirusTotal site and have the file(s) from the code box checked there; also copy the file size and name, MD5 and SHA1 along with it:
Tips for searching for files
Code:
C:\fheydbueyj.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
         
→ Click "Browse"
→ Find the file on your computer → double-click the file to be checked (or copy the contents from the code box)
→ "Send file" and wait until the scan run of all virus scanners has finished
Paste the result in here exactly as you receive it (DO NOT LEAVE ANYTHING OUT!), including <checked file name> + file size and name, MD5 and SHA1

** Example: the VirusTotal log file you post should look like this one. So don't leave anything out, paste it in here exactly as you receive it!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-

...over 40 virus scanners... so be patient!!
         


21.10.2010, 13:08   #6
p3ng
 
Hello,
the check of the file C:\fheydbueyj.exe produced the following:


Code:
 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
config.bin
Submission date:
2010-10-21 11:43:25 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)
    
VT Community

not reviewed
 Safety score: - 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.21.02    2010.10.21    -
AntiVir    7.10.13.13    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.21    -
Authentium    5.2.0.5    2010.10.21    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
AVG    9.0.0.851    2010.10.21    -
BitDefender    7.2    2010.10.21    -
CAT-QuickHeal    11.00    2010.10.21    -
ClamAV    0.96.2.0-git    2010.10.21    -
Comodo    6463    2010.10.21    -
DrWeb    5.0.2.03300    2010.10.21    -
Emsisoft    5.0.0.50    2010.10.21    -
eSafe    7.0.17.0    2010.10.20    -
eTrust-Vet    36.1.7924    2010.10.21    -
F-Prot    4.6.2.117    2010.10.20    -
F-Secure    9.0.16160.0    2010.10.21    -
Fortinet    4.2.249.0    2010.10.21    -
GData    21    2010.10.21    -
Ikarus    T3.1.1.90.0    2010.10.21    -
Jiangmin    13.0.900    2010.10.21    -
K7AntiVirus    9.66.2798    2010.10.20    -
Kaspersky    7.0.0.125    2010.10.21    -
McAfee    5.400.0.1158    2010.10.21    -
McAfee-GW-Edition    2010.1C    2010.10.21    -
Microsoft    1.6301    2010.10.21    -
NOD32    5550    2010.10.21    -
Norman    6.06.10    2010.10.21    -
nProtect    2010-10-21.01    2010.10.21    -
Panda    10.0.2.7    2010.10.21    -
PCTools    7.0.3.5    2010.10.21    -
Prevx    3.0    2010.10.21    -
Rising    22.70.02.05    2010.10.21    -
Sophos    4.58.0    2010.10.21    -
Sunbelt    7109    2010.10.21    -
SUPERAntiSpyware    4.40.0.1006    2010.10.21    -
Symantec    20101.2.0.161    2010.10.21    -
TheHacker    6.7.0.1.063    2010.10.20    -
TrendMicro    9.120.0.1004    2010.10.21    -
TrendMicro-HouseCall    9.120.0.1004    2010.10.21    -
VBA32    3.12.14.1    2010.10.21    -
ViRobot    2010.10.21.4104    2010.10.21    -
VirusBuster    12.69.9.0    2010.10.20    -
Additional information
Show all
MD5   : cf8424d9769581c43ca09f32ecadba5a
SHA1  : 59abde0f2b08463e5064edeaca5d9855469b7d4c
SHA256: 3301ddda2b6178f599fa380ead9ab82e283badb9436e3910de3a3d4036bc6de3
ssdeep: 3072:/XP+TFpo9Pi+K57mNN+q5Vb9yp7gkzoqLWt:+Fp6PGaR5VbK8rqLO
File size : 124556 bytes
First seen: 2010-10-15 12:47:00
Last seen : 2010-10-21 11:43:25
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

VT Community
         
The search for the file at the following path C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
returned no results. ...but I think it was already detected and deleted by AntiVir. Or is it still there?

Thanks first of all for the quick response!

21.10.2010, 13:21   #7
kira
/// Helper Team
 
Done step 2?:-> http://www.trojaner-board.de/91967-f...tml#post580137

21.10.2010, 13:27   #8
p3ng
 
Make hidden files visible... yes, I did that as described in step 2.
I did disable the file with CCleaner; could it be that it got deleted as a result?

22.10.2010, 11:05   #9
kira
/// Helper Team
 
1.
Simply delete, then empty the Recycle Bin:
Code:
C:\fheydbueyj.exe
C:\WINDOWS\system32\lowsec
         
2.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: Start → Control Panel → Java → Update...

3.
Download Malwarebytes Anti-Malware from→ malwarebytes.org
  • Install and start it with a double-click.
  • Set it to German and update the databases right away (online update)
  • Select "Perform full scan" (tick everything)
  • When the scan has finished, click "Show results"
  • Mark all findings and click "Delete" ("Remove selected").
  • Post the result here in the thread; you'll find the report under "Scan reports"
An illustrated guide can be found here: Guide

4.
Delete log.txt and info.txt under C:\rsit
Double-click RSIT.exe
Post both log files.

28.10.2010, 16:01   #10
p3ng
 
Hello,
sorry it took so long.
So the scan produced the following:

info.txt
RSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-10-28 16:50:22

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Media Player 1.0-->"D:\Programme\3GP Media Player\unins000.exe"
ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Graphic Converter 1.2-->"D:\Easy Graphic Converter\unins000.exe"
Enterprise Dynamics Developer 8.0.0 1617-->"D:\Programme\Enterprise Dynamics 8 Developer\uninstall.exe"
forteManager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x7  -removeonly
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7  -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Graphviz-->MsiExec.exe /I{F5345C76-AC35-4EDA-8406-1346DE9BFDFA}
Hercules Deluxe Optical Glass-->C:\Programme\InstallShield Installation Information\{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}\setup.exe -runfromtemp -l0x0007 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JDownloader-->D:\Programme\JDownloader\uninstall.exe
*********************
Macromedia Extension Manager-->MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
********
********
********
mIRC-->"D:\Programme\Xperience-Irc\mirc.exe" -uninstall
Mozilla Firefox (3.6.11)-->D:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Mumble and Murmur-->D:\Programme\Mumble\Uninstall.exe
Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Programme\NimoCodec Pack\uninstall.exe"
PDF24 Creator-->"D:\Programme\pdf24\unins000.exe"
PDF-XChange 3-->"C:\Programme\Mindjet\MindManager 8\PDF-XChange\unins000.exe"
Prism Video Converter-->C:\Programme\NCH Software\Prism\uninst.exe
************************
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"D:\Programme\Spybot - Search & Destroy\unins000.exe"
taraVRbuilder 8.0 Demo-->MsiExec.exe /X{675BF0A6-E6E6-4316-8EC8-E88E592E46C4}
TeamSpeak 2 RC2-->D:\Programme\Teamspeak2_RC2\unins000.exe
UnderCoverXP 1.22-->"C:\Programme\UnderCoverXP\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.18-->D:\Programme\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.3-->D:\Programme\VideoLAN\VLC\uninstall.exe
Winamp-->"D:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->D:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.97-->C:\Programme\xp-AntiSpy\Uninstall.exe

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Graphviz2.22\bin;D:\Programme\proeWildfire 4.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
         
--- --- ---

log.txt
RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-28 16:50:09
WIN_XP Service Pack 3
System drive C: has 312 MB (4%) free of 7 GB
Total RAM: 3582 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:21, on 28.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\logs\RSIT.exe
C:\Programme\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6206 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]
C:\fheydbueyj.exe\fheydbueyj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "D:\Programme\*********" "%1"

======List of files/folders created in the last 1 months======

2010-10-22 15:31:19 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-10-22 15:31:11 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-22 15:31:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-22 15:31:07 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-22 15:30:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\java.exe
2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-10-18 20:04:36 ----D---- C:\Programme\trend micro
2010-10-18 20:04:35 ----D---- C:\rsit
2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

======List of files/folders modified in the last 1 months======

2010-10-28 16:50:17 ----D---- C:\WINDOWS\Prefetch
2010-10-28 16:12:04 ----SD---- C:\WINDOWS\Tasks
2010-10-28 16:10:26 ----D---- C:\WINDOWS\Temp
2010-10-28 16:10:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32\drivers
2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32
2010-10-28 16:08:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-28 02:16:00 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
2010-10-28 01:52:22 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-28 01:41:30 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-25 00:37:52 ----D---- C:\WINDOWS
2010-10-24 01:31:00 ----SHD---- C:\WINDOWS\Installer
2010-10-22 15:30:17 ----SHD---- C:\Config.Msi
2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien
2010-10-22 15:30:04 ----D---- C:\Programme\Java
2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software
2010-10-19 12:08:01 ----RD---- C:\Programme
2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix
2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft
2010-10-16 21:23:26 ----D---- C:\WINDOWS\security
2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 aosbizcf;aosbizcf; C:\WINDOWS\system32\drivers\aosbizcf.sys []
S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]

-----------------EOF-----------------
         
--- --- ---

and the log file from the scan:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4974

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.10.2010 16:05:27
mbam-log-2010-10-28 (16-05-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 357242
Laufzeit: 1 Stunde(n), 38 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.40163477446917484.exe (Spyware.Passwords.XGen) -> No action taken.
D:\Programme\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\setup2.exe (Rogue.Installer) -> No action taken.
D:\Programme\Aoe2\sxuninst.exe (Backdoor.Bot) -> No action taken.
         
Thanks for your help!
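A triage pass over the startup and driver entries of the RSIT log above, as an added example that is not part of this thread or of RSIT itself. The sample lines are copied from the posted log; the scoring rules, the threshold and the function names are my own assumptions about what makes an entry worth a second look.

```python
import re

# Constructed sample: lines copied from the RSIT log posted above (its "Registry dump"
# startupreg section and its "List of drivers" section), so the rules can run offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]
C:\fheydbueyj.exe\fheydbueyj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []
S3 aosbizcf;aosbizcf; C:\WINDOWS\system32\drivers\aosbizcf.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
"""

# "[HKLM\...\msconfig\startupreg\<name>]": an autostart entry that msconfig has disabled
STARTUPREG_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE)
# "<path> [<date> <size>]", or "<path> []" when RSIT could not read the file
IMAGE_LINE = re.compile(r"^(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# "<R|S><start type> <service>;<display name>; <path> [<meta>]"
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")

def parse_entries(text):
    """Return a list of dicts for every startupreg and driver entry in RSIT-style text."""
    entries, pending = [], None  # pending: startupreg name waiting for its image line
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := STARTUPREG_KEY.match(line):
            pending = m.group("name")
        elif m := DRIVER_LINE.match(line):
            entries.append({"kind": "driver", "name": m["name"], "desc": m["desc"],
                            "start": int(m["start"]), "path": m["path"], "meta": m["meta"]})
        elif pending is not None and (m := IMAGE_LINE.match(line)):
            entries.append({"kind": "startupreg", "name": pending, "desc": "",
                            "start": None, "path": m["path"], "meta": m["meta"]})
            pending = None
    return entries

def score_entry(entry):
    """Return (score, reasons). Each rule alone is weak evidence; the sum is what matters."""
    reasons = []
    path = entry["path"].lower().replace("\\??\\", "")  # drop the NT object path prefix
    parts = path.split("\\")
    if entry["meta"] == "":
        reasons.append("no timestamp/size recorded (file missing or unreadable)")
    if "\\temp\\" in path:
        reasons.append("image runs from a Temp folder")
    if len(parts) >= 3 and parts[-2] == parts[-1]:
        reasons.append("image sits in a folder named after itself")
    if entry["kind"] == "driver" and entry["desc"] == entry["name"]:
        reasons.append("driver has no descriptive display name")
    if entry["kind"] == "driver" and entry["start"] == 0 and entry["meta"] == "":
        reasons.append("boot-start driver whose file could not be read")
    return len(reasons), reasons

def triage(text, threshold=2):
    """Map entry name -> reasons for every entry scoring at least `threshold`."""
    scored = ((e["name"], score_entry(e)) for e in parse_entries(text))
    return {name: reasons for name, (score, reasons) in scored if score >= threshold}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Scores give a triage order, not a verdict: every flagged file is still checked by publisher, hash and location before anything is removed, and legitimate drivers that ship without a display name will score here too.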

Alt 29.10.2010, 05:30   #11
kira
/// Helfer-Team
 
fheydbueyj.exe in startup. What is it? - Standard

fheydbueyj.exe in startup. What is it?



System cleaning and checking:

1.
Close all programs, including Internet Explorer, and fix the entries from the code box below with HijackThis (start HijackThis → "Do a system scan only" → select the entries and tick their boxes → click "Fix checked" → restart the PC):
HijackThis creates a backup; if something goes wrong while "fixing", the objects can be restored under "View the list of backups".
Code:
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
         
or - this is how you get rid of the entry: Start => Control Panel => Display => Desktop => Customize Desktop => choose the Web tab => here you see a list of the Active Desktop components => select the component you want to remove => then click Delete on the right => OK => close the window => Apply => OK

2.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: `Start → Control Panel → Java → Update...`
afterwards uninstall:
`Control Panel → Software → Change/Remove...`
Code:
Java(TM) 6 Update 11
         
3.
empty the Java cache - as described under points 7 and 8 *click
via Control Panel -> Java...

4.
close all applications → please empty the folders for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without further ado. - Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run` type "cleanmgr" (without "") → "OK" - the Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type %temp% (without "") → "OK" - select everything in the folder and delete it
  • please do this for every user account
  • then empty the Recycle Bin

5.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for Issues" → "Fix Issues" → "Fix All"
  • restart your system

6.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update online.
  • start SUPERAntiSpyware and click "Scan your Computer"
  • tick "Complete Scan" and click "Next"
  • afterwards all malware found is listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics/Logs"
  • press "View Log" - then please save this report and post it here

7.
Viruses can also be carried on USB sticks, self-burned media, external hard disks and other storage media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, checking the data stored on the medium with the free online scanner is very well suited and recommended.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed.
In addition, the autostart property can also be switched off:
Windows security: disabling Autorun for media - illustrated guide by Leonidas/3dcenter.org
Switching off Autorun/Autoplay selectively for drive types or drive letters / wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. The cause is eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there and be somewhat picky about where you plug your stick in.
Attention!:
>>You are not supposed to install the program, only scan your system online<<
→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner / click here
→ to continue with the process click "Accept"
→ then select "My computer" - a complete scan takes some time, so please be patient!
It can take some time until the scan is finished - depending on the size of the hard disk one or more hours - so be patient...
→ once the report is displayed, click "Save as" - please copy it and paste it into your thread here
Before the scan, settings in Internet Explorer:
→ "Tools → Internet Options → Security":
→ set everything to the default level
allow ActiveX - so that the new virus definitions can be installed

** Does your computer still have problems?
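To make the Autorun advice in step 7 concrete, an added example (not part of the post or of the linked guides) that decodes the NoDriveTypeAutoRun policy value reported in the RSIT log above ("NoDriveTypeAutoRun"=145) and produces the hardened value. The bit assignments are Microsoft's documented ones; the function names and the .reg fragment are my own.

```python
import re

# Bit assignments of the NoDriveTypeAutoRun policy value, as documented by
# Microsoft (a set bit DISABLES AutoRun for that drive type). 0x02 is unused.
DRIVE_TYPE_BITS = {
    0x01: "drives of unknown type",
    0x04: "removable drives (USB sticks, floppies)",
    0x08: "fixed drives (internal hard disks)",
    0x10: "network drives",
    0x20: "CD/DVD drives",
    0x40: "RAM disks",
    0x80: "drives of unrecognised type",
}
REMOVABLE = 0x04
ALL_DRIVE_TYPES = 0xFF

# Constructed sample: the policy line exactly as RSIT prints it (value in decimal).
SAMPLE_LINE = '"NoDriveTypeAutoRun"=145'

def parse_rsit_value(line):
    """Extract the decimal policy value from an RSIT registry-dump line."""
    m = re.search(r'"NoDriveTypeAutoRun"=(\d+)', line)
    if not m:
        raise ValueError("no NoDriveTypeAutoRun value in line")
    return int(m.group(1))

def decode(value):
    """Split a policy value into (AutoRun disabled for, AutoRun still allowed for)."""
    disabled = [label for bit, label in DRIVE_TYPE_BITS.items() if value & bit]
    allowed = [label for bit, label in DRIVE_TYPE_BITS.items() if not value & bit]
    return disabled, allowed

def removable_media_protected(value):
    """True when AutoRun is disabled for removable drives, the vector step 7 warns about."""
    return bool(value & REMOVABLE)

def hardened(value):
    """Return the value with AutoRun disabled for every drive type."""
    return value | ALL_DRIVE_TYPES

def reg_fragment(value):
    """Build a .reg snippet (constructed here) that sets the machine-wide policy;
    the same value under HKEY_CURRENT_USER covers the per-user policy seen in the log."""
    return (
        "Windows Registry Editor Version 5.00\n\n"
        "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\n"
        f'"NoDriveTypeAutoRun"=dword:{value:08x}\n'
    )

if __name__ == "__main__":
    value = parse_rsit_value(SAMPLE_LINE)
    disabled, allowed = decode(value)
    # 145 = 0x91: unknown, network and unrecognised types are covered, removable media are not
    print(f"value {value} (0x{value:02X}) disables AutoRun for: {', '.join(disabled)}")
    print(f"AutoRun still allowed for: {', '.join(allowed)}")
    print("removable media protected:", removable_media_protected(value))
    print(reg_fragment(hardened(value)))
```

On Windows XP the policy value alone was not reliably honoured for autorun.inf on USB media until the update described in Microsoft KB967715 was installed, so checking this value is necessary but not sufficient.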
