Umleitung auf windowsclick.com , Programme funktionieren nicht etc.

Michi86 · 22.08.2009, 14:26

RSIT log.txt Teil 1

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ich at 2009-08-22 15:22:19
WIN_XP Service Pack 2
System drive C: has 132 GB (55%) free of 238 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:22, on 22.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\DU Meter\DUMeterSvc.exe
c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\TweakMASTER\TMTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\PokerStars\PokerStars.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Ich.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Programme\TweakMASTER\TweakBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TweakMASTER] "C:\Programme\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] REM C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-776561741-1425521274-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Zu &LinkFox hinzufügen - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Programme\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnopOhi - nnnopOhi.dll (file missing)
O20 - Winlogon Notify: urqQjiGY - urqQjiGY.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programme\DU Meter\DUMeterSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c92d5b88e0307c) (gupdate1c92d5b88e0307c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\test.com\HIDEC.exe" "C:\test.com\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13172 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2008-12-19 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll [2009-01-22 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-08-21 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}]
TweakMASTER PRO Component - C:\Programme\TweakMASTER\TweakBHO.dll [2008-05-18 133184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-01-22 211272]
{000E148C-F7A7-445A-9044-93BF6CE09ECB} - Toolbar fuer eBay - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"nwiz"=nwiz.exe /install []
"TweakMASTER"=C:\Programme\TweakMASTER\TMTray.exe [2008-05-18 610368]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-01 7311360]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]
"FreePDF Assistant"=REM C:\Programme\FreePDF_XP\fpassist.exe []
"UnlockerAssistant"=C:\Programme\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-21 2007832]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-10 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe [2009-05-13 126976]
"WinPerfectAutoRun"=C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe [2007-09-28 3732992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"AutoStart-Manager 2006"=C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe [2005-12-23 397312]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess7"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Hama Wireless LAN Utility.lnk - C:\Programme\Hama\Common\RaUI.exe
Orbit.lnk - C:\Programme\Orbitdownloader\orbitdm.exe

C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart
OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-21 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
avldr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnopOhi]
nnnopOhi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqQjiGY]
urqQjiGY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJBrstU
"notification packages"=scecli
C:\WINDOWS\system32\kusewovi.dll
C:\WINDOWS\system32\wudepuve.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

Michi86 · 22.08.2009, 14:32

Log Teil 2

Zitat:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Dokumente und Einstellungen\Ich\Desktop\freezer.exe"="C:\Dokumente und Einstellungen\Ich\Desktop\freezer.exe:*:Enabled:freezer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*

isabled:Firefox"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programme\Spotify\spotify.exe"="C:\Programme\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\SoulseekNS\slsk.exe"="C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-21 20:43:23 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-21 20:24:34 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes
2009-08-21 17:03:33 ----D---- C:\Programme\Sophos
2009-08-21 16:54:56 ----SD---- C:\cofi
2009-08-21 16:54:54 ----A---- C:\WINDOWS\system32\CF10293.exe
2009-08-21 16:46:34 ----A---- C:\WINDOWS\RGI1.tmp
2009-08-21 15:30:43 ----A---- C:\WINDOWS\system32\CF26563.exe
2009-08-21 15:03:50 ----A---- C:\WINDOWS\system32\CF21292.exe
2009-08-21 14:56:43 ----A---- C:\Boot.bak
2009-08-21 14:56:28 ----RASHD---- C:\cmdcons
2009-08-21 14:54:29 ----D---- C:\WINDOWS\ERDNT
2009-08-21 14:54:27 ----A---- C:\WINDOWS\system32\CF19447.exe
2009-08-19 21:31:29 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-08-19 21:31:29 ----A---- C:\WINDOWS\gmer.dll
2009-08-19 21:31:28 ----A---- C:\WINDOWS\gmer.exe
2009-08-19 19:48:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-19 19:48:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-19 19:08:56 ----D---- C:\Programme\Mozilla Firefox
2009-08-18 20:33:48 ----D---- C:\Programme\trend micro
2009-08-18 20:33:47 ----D---- C:\rsit
2009-08-18 20:24:20 ----D---- C:\Programme\CCleaner
2009-08-17 22:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-14 13:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 13:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 13:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 13:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 13:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-14 13:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 13:29:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-14 13:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-14 13:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-14 13:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-10 11:28:10 ----A---- C:\WINDOWS\system32\xa.tmp
2009-08-08 00:59:05 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\OpenOffice.org
2009-08-07 23:38:27 ----D---- C:\Programme\OpenOffice.org 3
2009-08-07 23:24:58 ----D---- C:\Programme\MSECache
2009-08-05 20:34:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-08-05 20:34:11 ----D---- C:\Programme\SoulseekNS
2009-08-03 12:20:27 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-01 21:03:24 ----SHD---- C:\found.000
2009-07-23 10:36:01 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue

======List of files/folders modified in the last 1 months======

2009-08-22 15:20:20 ----D---- C:\WINDOWS\Prefetch
2009-08-22 15:11:49 ----D---- C:\WINDOWS
2009-08-22 15:11:43 ----D---- C:\WINDOWS\system32
2009-08-22 14:54:49 ----D---- C:\Programme\PokerStars
2009-08-22 14:52:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-22 14:51:43 ----D---- C:\WINDOWS\Temp
2009-08-22 14:49:30 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Orbit
2009-08-22 14:48:25 ----D---- C:\WINDOWS\Registration
2009-08-22 01:59:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-22 01:57:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-08-22 01:32:11 ----RD---- C:\Programme
2009-08-22 01:00:02 ----D---- C:\Programme\ANSTOSS 3
2009-08-21 23:35:52 ----AD---- C:\Downloads
2009-08-21 23:25:58 ----HD---- C:\$AVG8.VAULT$
2009-08-21 20:43:28 ----SHD---- C:\WINDOWS\Installer
2009-08-21 20:43:28 ----D---- C:\Config.Msi
2009-08-21 20:43:26 ----D---- C:\Programme\SUPERAntiSpyware
2009-08-21 20:43:10 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-08-21 16:47:23 ----SD---- C:\WINDOWS\Tasks
2009-08-21 16:47:23 ----D---- C:\WINDOWS\system32\drivers
2009-08-21 14:56:43 ----RASH---- C:\boot.ini
2009-08-21 14:49:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-18 21:14:52 ----HD---- C:\WINDOWS\inf
2009-08-18 20:27:00 ----D---- C:\WINDOWS\Debug
2009-08-18 00:10:15 ----A---- C:\WINDOWS\win.ini
2009-08-18 00:10:15 ----A---- C:\WINDOWS\system.ini
2009-08-17 22:54:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-17 21:46:30 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-15 23:32:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-15 23:16:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 13:37:33 ----D---- C:\WINDOWS\system32\Setup
2009-08-14 13:34:30 ----D---- C:\Programme\Outlook Express
2009-08-11 18:57:20 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Move Networks
2009-08-10 11:40:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2009-08-08 15:28:23 ----D---- C:\Programme\Azureus
2009-08-08 15:28:20 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Azureus
2009-08-07 23:40:48 ----RSD---- C:\WINDOWS\assembly
2009-08-07 23:39:21 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 23:38:02 ----D---- C:\Programme\OpenOffice.org 2.4
2009-08-07 23:21:27 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\OpenOffice.org2
2009-08-06 16:39:36 ----D---- C:\Programme\Replay Media Catcher
2009-08-06 16:33:10 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2009-08-06 16:33:06 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-08-06 16:33:05 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-08-05 11:05:18 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 17:01:19 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-08-03 17:01:14 ----D---- C:\Programme\SPSS Evaluation
2009-08-03 17:01:10 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-08-03 12:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-03 12:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-03 12:20:54 ----D---- C:\WINDOWS\system32\de-de
2009-08-03 12:20:54 ----D---- C:\Programme\Internet Explorer
2009-08-03 12:20:30 ----D---- C:\WINDOWS\WinSxS
2009-08-03 12:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-08-02 13:09:49 ----D---- C:\Programme\Google
2009-08-02 13:08:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-01 22:05:43 ----D---- C:\WINDOWS\system32\config
2009-08-01 22:04:42 ----D---- C:\Programme\Unlocker
2009-08-01 22:04:39 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Adobe
2009-08-01 22:00:34 ----D---- C:\Programme\LimeWire
2009-08-01 22:00:26 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\LimeWire
2009-08-01 21:16:25 ----D---- C:\Dokumente und Einstellungen
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-23 108552]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-04 20747]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 666368]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-10-13 4022528]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-01 3535424]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-10 17024]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
S2 mtviaxz;mtviaxz; C:\WINDOWS\system32\drivers\hucl.sys []
S2 qkkewwvh;qkkewwvh; C:\WINDOWS\system32\drivers\rynzgk.sys []
S3 catchme;catchme; \??\C:\DOKUME~1\Ich\LOKALE~1\Temp\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-08-19 85969]
S3 HidIr;Microsoft Infrarot-HID-Treiber; C:\WINDOWS\system32\DRIVERS\hidir.sys [2004-08-10 15104]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2004-08-10 46208]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\3.tmp []
S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-10 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-10 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 42512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-10 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-10 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2009-03-21 27136]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-21 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-21 297752]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2008-11-28 2195720]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 DUMeterSvc;DU Meter Service; C:\Programme\DU Meter\DUMeterSvc.exe [2008-05-18 1388592]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService; c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe [2006-03-18 32768]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-02-19 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-01 131139]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gupdate1c92d5b88e0307c;Google Update Service (gupdate1c92d5b88e0307c); C:\Programme\Google\Update\GoogleUpdate.exe [2008-10-13 133104]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\test.com\HIDEC.exe C:\test.com\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Programme\Hotspot Shield\bin\HssTrayService.EXE []
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-06-21 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-12 355584]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe []

-----------------EOF-----------------

Michi86 · 22.08.2009, 14:38

RSIT Info Teil 1

Zitat:

info.txt logfile of random's system information tool 1.06 2009-08-22 15:22:24

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe"
ActionPoker.com-->C:\Programme\Action Poker\uninst.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
All2WAV Recorder 3.20-->"C:\Programme\All2WAV Recorder\unins000.exe"
AMD Dual-Core Optimizer-->MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
AmoK DelayDel 1.2-->C:\Programme\AmoK\AmoK DelayDel\uninst.exe
ANSTOSS 3-->"C:\Programme\ANSTOSS 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Programme\FLV Player\Uninstall\uninstall.xml"
Ashampoo WinOptimizer 2008-->"C:\Programme\Ashampoo\Ashampoo WinOptimizer 2008\Uninstall\1806_Uninstall.exe"
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Audio Recorder for Free-->C:\PROGRA~1\AUDIOR~2\UNWISE.EXE C:\PROGRA~1\AUDIOR~2\INSTALL.LOG
Audio Recorder Pro 3.70-->"C:\Programme\Audio Recorder Pro\unins000.exe"
Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"
AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe
Autostart-Manager 2006-->MsiExec.exe /I{3B11379A-9196-4228-981A-BB255E13109E}
AVG Free 8.5-->C:\Programme\AVG\AVG8\setup.exe /UNINSTALL
AVS Video Converter 6-->"C:\Programme\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus-->C:\Programme\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bounci Madness 2.0-->C:\Programme\Bounci Madness\Uninstal.exe
Broken Sword 2.5-->"C:\Programme\Broken Sword 2.5\unins000.exe"
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Programme\CDex_170b2\uninstall.exe"
CheckerBoard 1.65-->"C:\Programme\CheckerBoard\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco Systems VPN Client 4.8.02.0010-->MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
Crashday-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}\setup.exe" -l0x7 -removeonly
Crashday-demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66A0EFCD-EF56-4F16-8B04-A1BE121099BD}\setup.exe" -l0x7 -removeonly
dCut-->MsiExec.exe /I{885EE19A-486C-4A85-BA1B-19D719C72798}
DH Driver Cleaner Professional Edition-->C:\Programme\Driver Cleaner Pro\Uninstall.exe
Digital Media Converter 2.7-->"C:\Programme\Deskshare\Digital Media Converter\unins000.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe
DVD Flick-->"C:\Programme\DVD Flick\unins000.exe"
DVRMSToolbox-->MsiExec.exe /I{19C17C44-FA53-4873-A83E-434AC61028DF}
Easy Website Pro 3-->C:\Programme\PhotonFX\Easy Website Pro 3\Uninstall.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Echospin Delivery Wizard-->RunDll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\esProxy.inf,DefaultUninstall
eMule-->"C:\Programme\eMule\Uninstall.exe"
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\unwise.exe
FlatOut2-->MsiExec.exe /I{7E641E46-81DB-4D1D-906A-48342523051C}
Floses Spielesammlung 1.3.1-->"C:\Programme\Flo & Seb Engineering\Floses Spielesammlung\unins000.exe"
Flv Audio Extractor 1.04-->"C:\Programme\Flv Audio Extractor\unins000.exe"
FlvRecorder-->"C:\Programme\FlvRecorder\unins000.exe"
Free FLV to MP3 Converter-->"C:\Programme\Topsevenreviews\Free FLV to MP3 Converter\unins000.exe"
Free M4a to MP3 Converter 6.0-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
Free Video to Flash Converter version 4.1-->"C:\Programme\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
GetASFStream-->"C:\Program Files\GetASFStream\epuninst.exe" /s
Google Gears-->MsiExec.exe /I{F724042F-367A-3B58-9BE3-8EF7A6F058D6}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.63-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.63\uninstal.txt"
Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly
GTA2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
GTR 2 Demo-->"C:\GTR2Demo\Support\unins000.exe"
Hama Wireless LAN Adapter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HS WinPerfect-->"C:\Programme\nobox.de\HS WinPerfect\unins000.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iMesh-->C:\Programme\iMesh Applications\iMesh\UninstallSurvey.exe C:\Programme\iMesh Applications\iMesh\UnwiseLauncher.exe /A C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jagged Alliance 2 Wildfire-->C:\PROGRA~1\Zuxxez\JAGGED~1\UNWISE.EXE C:\PROGRA~1\Zuxxez\JAGGED~1\INSTALL.LOG
JAP-->C:\Programme\JAP\uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Jing-->MsiExec.exe /I{AAF817C5-9B99-4025-A5C1-8D0DB5717F2C}
Just Cause 1.00.0000-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x7 -removeonly
Just Cause Demo 1.00.0000-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}\setup.exe" -l0x7 -removeonly
MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D)-->C:\Programme\MAGIX\MusicMaker2008PEDownloadVersion\unwise.exe
MAGIX Screenshare 4.3.6.1987 (D)-->C:\Programme\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Mercenaries 2: World in Flames™ (DEMO)-->MsiExec.exe /X{8D07389B-2C9D-4B9B-BC6A-85BAD8A848A6}
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Moorhuhn Tennis-->C:\PHENOM~1\MOORHU~1\UNWISE.EXE C:\PHENOM~1\MOORHU~1\INSTALL.LOG
Mozilla Firefox (3.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3 Recorder Studio 5.9-->"C:\Programme\MP3 Recorder Studio\unins000.exe"
Mpeg2Decoder 1.3-->"C:\Programme\Mpeg2Decoder\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe"
Neverball 1.5.0-->C:\Programme\Neverball\uninstall.exe
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Orbit Downloader-->"C:\Programme\Orbitdownloader\unins000.exe"
phonostar-Player Version 2.01.4-->"C:\Programme\phonostar\unins000.exe"
PicaLoader 1.7.1-->C:\Programme\PicaLoader\uninst.exe
Picture Ripper 4-->"C:\Programme\Picture Ripper 4\unins000.exe"
PokerStars-->"C:\Programme\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Red Kings Poker (remove only)-->"C:\Programme\Red Kings Poker\uninstall.exe"
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~2\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~2\INSTALL.LOG
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Replay Media Catcher 3.0-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
RichFLV-->msiexec /qb /x {B09501E3-A67A-83C9-6678-59FF8C510822}
RichFLV-->MsiExec.exe /I{B09501E3-A67A-83C9-6678-59FF8C510822}
SA25x0 & SA26x0 Device Manager-->C:\Programme\InstallShield Installation Information\{0AD8AA88-0DE9-4065-A35E-529EB576A507}\setup.exe -runfromtemp -l0x0007 -removeonly
Security Task Manager 1.7g-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sharpshooter's Miniature Golf Version 4.285-->"C:\Programme\Sharpshooter's Miniature Golf\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Michi86 · 22.08.2009, 14:39

Info Teil 2

Zitat:

SiteUnseen-->C:\WINDOWS\ST5UNST.EXE -n "C:\Programme\Itc\SiteUnseen\ST5UNST.LOG"
Snagit 9.1.1-->MsiExec.exe /I{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}
Sophos Anti-Rootkit 1.5.0-->C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spotify-->"C:\Programme\Spotify\uninstall.exe"
SPSS 15.0 for Windows Evaluation Version-->MsiExec.exe /X{EE48D800-A3B5-43E3-B846-1CC556B8170D}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TestPokerStars.com-->"C:\Programme\PokerStars.TEST\PokerStarsUninstall.exe" /u:TestPokerStars.com
Texas Hold'em Poker 7.1-->"C:\Programme\Texas Hold'em Poker\unins000.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Thief - Deadly Shadows Demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}\setup.exe" -l0x9
Thief - Deadly Shadows-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x7
Toolbar fuer eBay-->regsvr32 /u /s "C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakMASTER-->"C:\Programme\TweakMASTER\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe
URL Snooper v2.20.02-->"C:\Programme\URLSnooper2\unins000.exe"
VideoLAN VLC media player 0.8.6f-->C:\Programme\VideoLAN\VLC\uninstall.exe
VideoReDo/Plus Version 2.5.6.512-->"C:\Programme\VideoReDoPlus\unins000.exe"
WDR RadioRecorder-->C:\WINDOWS\CISUnins.exe "C:\Programme\Tobit ClipInc\Server\CISUnins.inf"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation DE Language Pack-->MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB911061-->"C:\WINDOWS\$NtUninstallKB911061$\spuninst\spuninst.exe"
Windows-Treiberpaket - NVIDIA System (05/13/2005 4.5.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\setup.exe /u C:\WINDOWS\system32\DRVSTORE\nvsmbus_992BFDA203C1E2C6050C2ACFF181F8A0FA4EC0E6\nvsmbus.inf
Windows-Treiberpaket - NVIDIA System (05/13/2005 5.1.2600.0450)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\setup.exe /u C:\WINDOWS\system32\DRVSTORE\nf4sys_AA3A6883400D458FDC96850CCDF36EFE3227810D\nf4sys.inf
WinPcap 4.1 beta-->C:\Programme\WinPcap\uninstall.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XMedia Recode 2.0.5.6-->C:\Programme\XMedia Recode\uninst.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy 3.96-8-->C:\Programme\xp-AntiSpy\Uninstall.exe
XP-Clean Express-->MsiExec.exe /I{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}
Zattoo 3.2.4 Beta-->C:\Programme\Zattoo\uninst.exe

=====HijackThis Backups=====

O15 - Trusted Zone: *.gomyhit.com [2009-08-21]
O15 - Trusted Zone: *.antimalwareguard.com [2009-08-21]
O15 - Trusted Zone: *.gomyhit.com (HKLM) [2009-08-21]
O15 - Trusted Zone: *.antimalwareguard.com (HKLM) [2009-08-21]

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Michi86 · 22.08.2009, 15:08

Log Teil 2

Zitat:

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-22 15:53
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\programme\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-776561741-1425521274-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E19043D-8262-49FD-1693-E4BFF59BC257}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,80,9a,3d,a4,08,b9,08,28,f7,81,42,0d,a1,52,f6,bf,ed,00,87,62,67,6b,
09,63,c5,22,60,6f,1e,89,34,40,5e,a9,96,d2,79,bf,76,80,32,ef,7e,4d,85,2c,b7,\
"??"=hex:26,74,35,20,47,ca,4a,e4,38,85,ae,36,04,14,68,15
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\programme\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Tobit ClipInc\Server\ClipInc-Server.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programme\AVG\AVG8\avgcsrvx.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\nvsvc32.exe
c:\programme\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-22 16:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-22 14:03

Vor Suchlauf: 20 Verzeichnis(se), 138.074.333.184 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 138.062.487.552 Bytes frei

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
394 --- E O F --- 2009-08-17 20:55

Michi86 · 23.08.2009, 16:12

Ich push mal

Chris4You · 24.08.2009, 06:36

Hi,

Folgende Einträge sind immer noch da:
C:\WINDOWS\system32\kusewovi.dll
C:\WINDOWS\system32\wudepuve.dll

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\WINDOWS\system32\UAService7.exe (*Securom oder virus*)

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Drivers to delete:
mtviaxz
qkkewwvh

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopOhi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjiGY
 
Files to delete:
C:\WINDOWS\system32\kusewovi.dll
C:\WINDOWS\system32\wudepuve.dll

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

R3 - URLSearchHook: (no name) - - (no file)
O20 - Winlogon Notify: nnnopOhi - nnnopOhi.dll (file missing)
O20 - Winlogon Notify: urqQjiGY - urqQjiGY.dll (file missing)

Prevx:
http://www.prevx.com/freescan.asp
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

Chris

Michi86 · 24.08.2009, 18:37

Die UAService7.exe finde ich nicht.

Avenger-File:

Zitat:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "mtviaxz" deleted successfully.
Driver "qkkewwvh" deleted successfully.

Error: file "C:\WINDOWS\system32\kusewovi.dll" not found!
Deletion of file "C:\WINDOWS\system32\kusewovi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\wudepuve.dll" not found!
Deletion of file "C:\WINDOWS\system32\wudepuve.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopOhi" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopOhi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjiGY" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjiGY" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Bei HijackThis hab ich nur den ersten Eintrag "gefixed", die anderen beiden bei O20 existieren so nicht, anstattdessen steht dort:

Zitat:

O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

Mit der urqQjiGY.dll war mein Rechner vor ein paar Monaten mal "verseucht", hab diesen Prozess damals im Security Task Manager entdeckt und mit Avenger die Datei gelöscht. Der Prozess war dann noch beim Security Task Manager zu finden, jedoch unter der Anmerkung "Datei existiert nicht mehr". Jetzt taucht auch der Prozess nicht mehr auf.

Chris4You · 24.08.2009, 18:43

Hi,

klappt das fixen der beiden Einträge mit HJ?
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopOhi"

Sonst muß ich da ein Reg.-Script oder ein CF-Script basteln...

chris

Michi86 · 24.08.2009, 19:15

Zitat:

Zitat von Chris4You

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopOhi"

Hi,

was soll ich mit dieser Zeile machen

?

Die beiden O20 Einträge hab ich erfolgreich gefixed

Der Scan hat was gefunden, jpg ist angehängt.
Ich konnte das Fenster nicht größer machen, deshalb hab ich die ersten 7 Threats unten im jpg nochmal ausgeschrieben reinkopiert.

edit: hab grad neugestartet, da hat's mir einen 9. Threat angezeigt:

windowsshell.manifest in c:\windows\ (Medium Risk Malware)

Michi86 · 24.08.2009, 19:59

eBayShortcuts.exe

bei allen Scannern: Nichts gefunden

ebay.dll

ebay.dll - Jottis Malwarescanner

Michi86 · 24.08.2009, 20:10

Hab meine Antivirusmeldung angehängt, die bei Virustotal bei der ebay.dll kommt und auch bei der eBayShortcuts.exe
(also wahrscheinlich immer), und zwar egal ob ich auf den Permalink, "Analysiere die Datei" oder "Zeige die letzten Ergebnisse" klicke

Chris4You · 25.08.2009, 06:33

Hi,

das dachte ich mir schon, dass das ein false/positive ist...
Die angegebene IP (74.53.201.162) gehört allerdings eindeutig zu virustotal.com (http://www.robtex.com/ip/74.53.201.162.html).
Entweder liegt hier auch ein false/positiv vor, oder es ist den Hackern gelungen was auf den Server von Virustotal zu schmuggeln...

Teste den Link später mal mit Dr. Web...

Da die Meldung von Prevx ein f/p ist (lt. Threadexpert lässt sich das Modul allerdings auch Remote steuern) bleibt es Dir überlassen ob Du es löschen möchtest oder nicht. Was hast Du installiert? Es wird anscheinend bei der Installation des "Phonostar"-Players, des Audiograbbers SE mit installiert...

chris

Michi86 · 25.08.2009, 20:28

Wie "was habe ich installiert?"

Den Phonostar Player hab ich mal installiert, den Audiograbber auch (keine SE)

Bin ich ansonsten "fertig" mit der Bereinigung?

Dann sag ich vielen Dank und pass in Zukunft bissel besser auf.

Umleitung auf windowsclick.com , Programme funktionieren nicht etc.

Plagegeister aller Art und deren Bekämpfung: Umleitung auf windowsclick.com , Programme funktionieren nicht etc.